[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

Jacob Appelbaum:
>> If anything, TLS is much harder to get right (see issue #16 on
>> GitHub, for instance — tlsdate is currently susceptible to a MITM
>> attack).
> It's a work in progress, of course. I use it with a pinned CA, so
> in such a case, users are not vulnerable to a MITM attack unless
> one can get certs from that specific CA.

Wouldn't it be better to get ride of all CAs? Rather pin the CA
certificate of certain websites instant of pinning a CA?

And even if you use only a single source over TLS (pinned) as time
source... How is it better than using a single authenticated NTP
server over TCP?
tor-talk mailing list