[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

> Jacob Appelbaum:
>>> If anything, TLS is much harder to get right (see issue #16 on
>>> GitHub, for instance — tlsdate is currently susceptible to a MITM
>>> attack).
>> It's a work in progress, of course. I use it with a pinned CA, so
>> in such a case, users are not vulnerable to a MITM attack unless
>> one can get certs from that specific CA.
> Wouldn't it be better to get ride of all CAs? Rather pin the CA
> certificate of certain websites instant of pinning a CA?

Sure - practically this is the same thing - except, you might run a CA
yourself, with a rotating key on the server. The abstraction is nice as
it allows you to keep the trusted key offline.

I think adding an option to verify the leaf certificate's fingerprint,
rather than just the signature alone would be a fine idea.

Also, there is a TODO item that specifically addresses this with
TLSA/DANE/CAA but that relies on DNSSEC. DNSSEC is basically the CA
system done slightly differently, so, it depends a lot on what you mean
by "getting rid of all CAs" - Moxie has said a lot about this topic but
I suspect he's not on the list.

> And even if you use only a single source over TLS (pinned) as time
> source... How is it better than using a single authenticated NTP
> server over TCP?

I've never seen a system that shipped with authenticated NTP enabled.
I'm sure it has happened but generally, ntp is unauthenticated and is
run as a UDP service. I'd be interested to see a client configuration
that works over TCP and has strong integrity protection of the remote time.

All the best,
tor-talk mailing list