[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] [Tails-dev] secure and simple network time (hack)

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
From: Jacob Appelbaum <jacob@xxxxxxxxxxxxx>
Date: Sun, 22 Jul 2012 18:34:36 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 22 Jul 2012 14:34:13 -0400
In-reply-to: <5009B489.5070106@xxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Openpgp: id=4193A197; url=http://www.appelbaum.net/gpg.asc
References: <4F42AD50.4050807@xxxxxxxxxxxxx> <85sjgwz3kw.fsf@xxxxxxxx> <85629l4rne.fsf@xxxxxxxx> <CAHsXYDBwc83hbT_swdod0xOfTdq9x2gQBFtOZHi=7ULxVKGMkw@xxxxxxxxxxxxxx> <5008A13D.7090402@xxxxxxxxxxxxx> <5009564F.7020206@xxxxxxxxxx> <500960B5.3050100@xxxxxxxxxxxxx> <500968A5.6080603@xxxxxxxxxx> <50097F63.1000506@xxxxxxxxxxxxx> <5009B489.5070106@xxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

adrelanos:
> Jacob Appelbaum:
>> So does that mean you do or do not like DNSSEC? :)
> 
> Can't say, I didn't dig into that deep enough.

In a sense, we can compare the root ('.') to a single CA that can
further delegate to other CAs such as '.se' and so on.

> 
>> I'd like to see a normal ntp client that runs over Tor safely - can
>> you show us an example of a way to do that? If so, I'd gladly
>> consider running such an NTP service. I already run a normal UDP
>> OpenNTP server in the pool.
> 
>>> The system can not be adapted since you will have a hard time
>>> finding public, free NTP servers, which support authenitcated
>>> NTP. And even if you find a very few, you can not rely on a small
>>> amount of servers. A big pool is required for distribiuted
>>> trust.
> 
>> That's a resource issue, not a technical issue. We can solve both,
>> I think. I'd like to know if someone has actually used normal NTP
>> clients over Tor, even with private servers and found that it was
>> suitable?
> 
> Ok, I am sorry, I messed up. There is no way to run NTP *directly*
> over TCP. I found the following interesting posts about this issue:
> http://lists.ntp.org/pipermail/questions/2007-October/015832.html
> http://lists.ntp.org/pipermail/questions/2007-October/015834.html
> http://lists.ntp.org/pipermail/questions/2007-October/015859.html
> 

That's what I thought.

> We could run NTP over Tor, if we tunnel UDP over OnionCat. Due to
> usage of hidden services, Tor would provide authentication. (NTP
> autokey could be added for another layer of authenication.) But it
> were NTP over TCP over UDP, which wouldn't be (according to the posts
> above) exact as ordinary NTP over TCP.
> 

Wow - talk about a hack!

> I don't know how less accurate it were and if that is a good idea or
> not. Or if we find willing people to run it. Please discuss. If there
> is intererest, it could be tried to develop some instructions how to
> provide NTP as hidden service and share the result in the tpo wiki.

It seems like providing a simple phase locked loop over TCP isn't that
hard to do.

All the best,
Jacob

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- Re: [tor-talk] secure and simple network time (hack)
  - From: intrigeri
- Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
  - From: Maxim Kammerer
- Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
  - From: Jacob Appelbaum
- Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
  - From: adrelanos
- Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
  - From: Jacob Appelbaum
- Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
  - From: adrelanos
- Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
  - From: Jacob Appelbaum
- Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
  - From: adrelanos

Prev by Author: Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
Next by Author: Re: [tor-talk] Torbirdy and gpg --throw-keyids
Previous by thread: Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
Next by thread: Re: [tor-talk] secure and simple network time (hack)
Index(es):
- Author
- Thread