[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
From: adrelanos <adrelanos@xxxxxxxxxx>
Date: Fri, 20 Jul 2012 12:59:59 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 20 Jul 2012 08:59:31 -0400
In-reply-to: <5008A13D.7090402@xxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <4F42AD50.4050807@xxxxxxxxxxxxx> <85sjgwz3kw.fsf@xxxxxxxx> <85629l4rne.fsf@xxxxxxxx> <CAHsXYDBwc83hbT_swdod0xOfTdq9x2gQBFtOZHi=7ULxVKGMkw@xxxxxxxxxxxxxx> <5008A13D.7090402@xxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

Jacob Appelbaum:
>> If anything, TLS is much harder to get right (see issue #16 on
>> GitHub, for instance — tlsdate is currently susceptible to a MITM
>> attack).
> 
> It's a work in progress, of course. I use it with a pinned CA, so
> in such a case, users are not vulnerable to a MITM attack unless
> one can get certs from that specific CA.

Wouldn't it be better to get ride of all CAs? Rather pin the CA
certificate of certain websites instant of pinning a CA?

And even if you use only a single source over TLS (pinned) as time
source... How is it better than using a single authenticated NTP
server over TCP?
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
  - From: Jacob Appelbaum

References:
- Re: [tor-talk] secure and simple network time (hack)
  - From: intrigeri
- Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
  - From: Maxim Kammerer
- Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
  - From: Jacob Appelbaum

Prev by Author: Re: [tor-talk] Transparent re-writing packet destinations to hidden service?
Next by Author: Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
Previous by thread: Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
Next by thread: Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
Index(es):
- Author
- Thread