[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
Jacob Appelbaum:
>> If anything, TLS is much harder to get right (see issue #16 on
>> GitHub, for instance — tlsdate is currently susceptible to a MITM
>> attack).
>
> It's a work in progress, of course. I use it with a pinned CA, so
> in such a case, users are not vulnerable to a MITM attack unless
> one can get certs from that specific CA.
Wouldn't it be better to get ride of all CAs? Rather pin the CA
certificate of certain websites instant of pinning a CA?
And even if you use only a single source over TLS (pinned) as time
source... How is it better than using a single authenticated NTP
server over TCP?
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk