[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Jacob Appelbaum:
> So does that mean you do or do not like DNSSEC? :)

Can't say, I didn't dig into that deep enough.

> I'd like to see a normal ntp client that runs over Tor safely - can
> you show us an example of a way to do that? If so, I'd gladly
> consider running such an NTP service. I already run a normal UDP
> OpenNTP server in the pool.

>> The system can not be adapted since you will have a hard time
>> finding public, free NTP servers, which support authenitcated
>> NTP. And even if you find a very few, you can not rely on a small
>> amount of servers. A big pool is required for distribiuted
>> trust.
> 
> That's a resource issue, not a technical issue. We can solve both,
> I think. I'd like to know if someone has actually used normal NTP
> clients over Tor, even with private servers and found that it was
> suitable?

Ok, I am sorry, I messed up. There is no way to run NTP *directly*
over TCP. I found the following interesting posts about this issue:
http://lists.ntp.org/pipermail/questions/2007-October/015832.html
http://lists.ntp.org/pipermail/questions/2007-October/015834.html
http://lists.ntp.org/pipermail/questions/2007-October/015859.html

We could run NTP over Tor, if we tunnel UDP over OnionCat. Due to
usage of hidden services, Tor would provide authentication. (NTP
autokey could be added for another layer of authenication.) But it
were NTP over TCP over UDP, which wouldn't be (according to the posts
above) exact as ordinary NTP over TCP.

I don't know how less accurate it were and if that is a good idea or
not. Or if we find willing people to run it. Please discuss. If there
is intererest, it could be tried to develop some instructions how to
provide NTP as hidden service and share the result in the tpo wiki.
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJQCbSJAAoJEJwTGtNxOq7vuAEP/2v1L9+Wq4vJWpLDa+lBC/jo
oSjoKBOc9DCyFumWypmwTqDZPgFBNNJ57kuTAcctEAirRnju/LETqVx5evciTIBr
i/x5Xd1o92bYGqNRC7uAjXVXcjG98FkNO/pqvOUSXQDc6TaESU2v293e5ekkcvKF
9J6sc0wlZRHnhBrB4Mrbwlg9ayhoSK19+vYoDjwAIy8zIEHj3riyNSrG5iQVy+t8
BNLWRnMRLdR94jyx7VKLk6vGb+zq7d0f00HAKziYoVOpnxuvdKd664cx/OvGNOho
XB9VIcIOgsfBUDi7dB5wq9T9jG1Q4YFEd08w2bWcf6V4/6omV8By/6nO4SIpR4+S
B+xGym8s9KKlTaKBkCk+1pHXWVV8VOurPVb88G/pi9UdG40OGhUjib8hAbNjwRWK
q3lj36Sn85c7L+gSAvjfTS+F7ifADhPE0l3/lgGS01/XhvHGpek7yq/AGre7Do0G
76gHZYFqsfEccAHmDh/FJPia54NSFpV1XIykoY6Heng2b/hQ1CkqX0gPdRq4jIbA
DmoILKcfXkSJsW3kjEQhUngzdSILkT7rHRXnCtL3Wqr1ZwMdXvvmaj3XUyBcXffC
y9I4QVh+Q/cGraXG+TGrIhw2sDD/LciLbVMrksN6hUq3/315caSkdo3NIoN8yJcO
9vzbpJv4q6XdNBAa8jC9
=/rsw
-----END PGP SIGNATURE-----
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk