[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] secure and simple network time (hack)



Hi,

Jacob Appelbaum wrote (19 Jul 2012 23:48:48 GMT) :
> The key difference with htpdate is that one has a cryptographic
> signature. I'll take a subset of possible MITM attackers over fully
> trusting something that anyone could MITM.

I think this is wrong in the context of Tails.

There are a few pieces of software called htpdate, and the one Tails
uses only connects to HTTPS servers, and delegates to wget the X.509
certificates validation:
https://tails.boum.org/contribute/design/Time_syncing/#index3h2

In addition, the pal/foe/neutral pool system Tails uses gives *some*
protection against untrustworthy sources of time information, which
limits what one can do with only a few illegitimate X.509 certificates
they got from a "trusted" CA:
https://tails.boum.org/contribute/design/Time_syncing/#index4h2

Thanks a lot for your detailed answer!
I'll think about the rest later.

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk