[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
-----BEGIN PGP SIGNED MESSAGE-----
> So does that mean you do or do not like DNSSEC? :)
Can't say, I didn't dig into that deep enough.
> I'd like to see a normal ntp client that runs over Tor safely - can
> you show us an example of a way to do that? If so, I'd gladly
> consider running such an NTP service. I already run a normal UDP
> OpenNTP server in the pool.
>> The system can not be adapted since you will have a hard time
>> finding public, free NTP servers, which support authenitcated
>> NTP. And even if you find a very few, you can not rely on a small
>> amount of servers. A big pool is required for distribiuted
> That's a resource issue, not a technical issue. We can solve both,
> I think. I'd like to know if someone has actually used normal NTP
> clients over Tor, even with private servers and found that it was
Ok, I am sorry, I messed up. There is no way to run NTP *directly*
over TCP. I found the following interesting posts about this issue:
We could run NTP over Tor, if we tunnel UDP over OnionCat. Due to
usage of hidden services, Tor would provide authentication. (NTP
autokey could be added for another layer of authenication.) But it
were NTP over TCP over UDP, which wouldn't be (according to the posts
above) exact as ordinary NTP over TCP.
I don't know how less accurate it were and if that is a good idea or
not. Or if we find willing people to run it. Please discuss. If there
is intererest, it could be tried to develop some instructions how to
provide NTP as hidden service and share the result in the tpo wiki.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
tor-talk mailing list