Re: [tor-talk] secure and simple network time (hack)
Jacob Appelbaum wrote (19 Jul 2012 23:48:48 GMT) :
> The key difference with htpdate is that one has a cryptographic
> signature. I'll take a subset of possible MITM attackers over fully
> trusting something that anyone could MITM.

I think this is wrong in the context of Tails.

There are a few pieces of software called htpdate, and the one Tails
uses only connects to HTTPS servers, and delegates to wget the X.509

In addition, the pal/foe/neutral pool system Tails uses gives *some*
protection against untrustworthy sources of time information, which
limits what one can do with only a few illegitimate X.509 certificates
they got from a "trusted" CA:

Thanks a lot for your detailed answer!
I'll think about the rest later.

| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
tor-talk mailing list