[T(A)ILS-dev] About HTP

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: tails-dev
Subject: [T(A)ILS-dev] About HTP
Hi,

the replacement of NTP with HTP has been bringing a lot of issues
during our RC testing time.

(
For the record:

- Replacing NTP with HTP was decided to protect T(A)ILS users against
possible attacks that could be mounted against their Tor usage by an
attacker who is able to spoof the NTP replies on-the-fly and thus
mess with the system time. AFAIK, no research has ever been done
wrt. such attacks. I'm of course not saying they are not possible,
pro-active security measures are needed in T(A)ILS. OTOH, I probably
should not have dealt with this idea like I did. Looking backwards,
a few more important features would have deserved higher priority
than this one.
- The proposal, specifications and initial research about HTP happened
in November 2009. Proposals and criteria about a HTP (web)servers pool
were made at this time too. The code needed to implement this was then
written in august and September 2010. All this needed a lot of time
and energy.
)

We are now in October 2010, I just uploaded a rc3, and...

- comments on the wiki indicate that the chosen servers pool has
  various problems. The main problems I read about were:
  #1 the two "trusted" servers can trigger suspicion (well, ok, but
     this pool was proposed almost one year ago...)
  #2 the "neutral" server has seemingly random response times (ok.
     any alternative proposal?)
- additional needs arise:
  #3 user notification [...] in case of HTP failure (note that we had
     no such notification in case of NTP failure in 0.5)


I must say I am starting to be a bit tired and nervous about this
whole HTP thing. I now need your input to decide what to do with these
problems... and fix the ones that we consider as blocking for the 0.6
release.

So, which ones of these do you consider as blocking for the 0.6
release?

I am considering reverting the NTP->HTP switch, release 0.6, and deal
with the last mentioned issues for 0.7 in a more relaxed way.
I hope someone steps up and deals with these last HTP problems.

Bye,
--
intrigeri <intrigeri@???>
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr-fingerprint.asc
| Then we'll come from the shadows.