
Re: [tor-talk] secure and simple network time (hack)

> There are a few pieces of software called htpdate, and the one Tails
> uses only connects to HTTPS servers, and delegates X.509 certificate
> validation to wget:
> https://tails.boum.org/contribute/design/Time_syncing/#index3h2

Unfortunately, neither wget nor any other command-line downloader
supports pinning the certificate of the website.

So it still depends on the flawed root CA system.

(Don't take this too harshly. Although there is space for improvement, I
seriously consider adding tails_htp to aos. Thanks to the distributed
trust model, I think it's currently the safest method.)

> In addition, the pal/foe/neutral pool system Tails uses gives *some*
> protection against untrustworthy sources of time information, which
> limits what one can do with only a few illegitimate X.509 certificates
> they got from a "trusted" CA:
> https://tails.boum.org/contribute/design/Time_syncing/#index4h2

If I understand correctly, you pick three random servers, one from each
pool, and then build the median of the three.

What's the point of asking the foe pool? (Servers which generally do not
care about privacy.)

Why doesn't tails_htp ask more than three servers for the time and build
the median? Like 6, 9 or 12.
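
The median-over-several-sources idea discussed in this message, as an added example that is not part of the original post and is not Tails' code: it parses HTTP Date headers and shows how many lying sources the median tolerates for 3, 6, 9 or 12 servers. The function names, the local clock reading and the skews are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime
from statistics import mean, median

# Constructed sample: what the local (possibly wrong) clock reads.
LOCAL_NOW = datetime(2012, 7, 18, 12, 0, 0, tzinfo=timezone.utc)


def date_header(skew_seconds):
    """Date header a server would send if its clock is LOCAL_NOW + skew."""
    return format_datetime(LOCAL_NOW + timedelta(seconds=skew_seconds), usegmt=True)


def offsets(headers, local_now=LOCAL_NOW):
    """Seconds each server's Date header is ahead of the local clock."""
    return sorted((parsedate_to_datetime(h) - local_now).total_seconds()
                  for h in headers)


def agreed_offset(headers, local_now=LOCAL_NOW):
    """Clock correction to apply: the median of the per-server offsets."""
    return median(offsets(headers, local_now))


def max_tolerated_liars(n):
    """Most lying sources for which the median of n readings is still
    bounded by honest readings (strictly fewer than half)."""
    return (n - 1) // 2


if __name__ == "__main__":
    honest = [date_header(s) for s in (41, 39, 40)]       # true skew ~40 s
    one_liar = [date_header(41), date_header(39), date_header(365 * 86400)]
    two_liars = [date_header(41), date_header(3600), date_header(3600)]
    print("all honest :", agreed_offset(honest))
    print("one liar   :", agreed_offset(one_liar),
          "(mean would be", round(mean(offsets(one_liar))), ")")
    print("two liars  :", agreed_offset(two_liars))
    for n in (3, 6, 9, 12):
        print(n, "servers tolerate", max_tolerated_liars(n), "liars")
```

With three sources a single forged or wrong Date header cannot move the result outside the range of the other two, but two colluding sources can; asking more servers raises that threshold to just under half of them.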