Re: [T(A)ILS-dev] About HTP

このメッセージを削除

このメッセージに返信
著者: anonym
日付:  
To: The T(A)ILS public development discussion list
題目: Re: [T(A)ILS-dev] About HTP
05/10/10 18:42, intrigeri:
> Hi,
>
> the replacement of NTP with HTP has been bringing a lot of issues
> during our RC testing time.
>
> (
> For the record:
>
> - Replacing NTP with HTP was decided to protect T(A)ILS users against
> possible attacks that could be mounted against their Tor usage by an
> attacker who is able to spoof the NTP replies on-the-fly and thus
> mess with the system time. AFAIK, no research has ever been done
> wrt. such attacks. I'm of course not saying they are not possible,
> pro-active security measures are needed in T(A)ILS. OTOH, I probably
> should not have dealt with this idea like I did. Looking backwards,
> a few more important features would have deserved higher priority
> than this one.
> - The proposal, specifications and initial research about HTP happened
> in November 2009. Proposals and criteria about a HTP (web)servers pool
> were made at this time too. The code needed to implement this was then
> written in august and September 2010. All this needed a lot of time
> and energy.
> )
>
> We are now in October 2010, I just uploaded a rc3, and...
>
> - comments on the wiki indicate that the chosen servers pool has
>   various problems. The main problems I read about were:
>   #1 the two "trusted" servers can trigger suspicion (well, ok, but
>      this pool was proposed almost one year ago...)
>   #2 the "neutral" server has seemingly random response times (ok.
>      any alternative proposal?)


https://secure.wikimedia.org/wiktionary/en/wiki/Wiktionary:Main_Page
https://www.facebook.com/
https://ixquick.com/
https://www.mozilla.com/
https://ssl.scroogle.org/
https://www.fastmail.fm/
https://duckduckgo.com/

# for the following sites the login/registration pages have less
# clutter. still safe?
https://www.paypal.com/se/cgi-bin/webscr?cmd=_registration-run
https://signup.mail.com/UserInformationB.aspx
https://www.myopenid.com/signin
https://en.wordpress.com/wp-login.php

> - additional needs arise:
>   #3 user notification [...] in case of HTP failure (note that we had
>      no such notification in case of NTP failure in 0.5)

>
> I must say I am starting to be a bit tired and nervous about this
> whole HTP thing. I now need your input to decide what to do with these
> problems... and fix the ones that we consider as blocking for the 0.6
> release.
>
> So, which ones of these do you consider as blocking for the 0.6
> release?


FYI, I wrote all those comments. IMHO, #1 and #2 will only be really
relevant when we make it easy to use Tor bridges only, so I don't see
them as blockers at the moment. #3 isn't a blocker either, just
something that'd be nice for the clueless end-user.

> I am considering reverting the NTP->HTP switch, release 0.6, and deal
> with the last mentioned issues for 0.7 in a more relaxed way.
> I hope someone steps up and deals with these last HTP problems.


I haven't encountered any htp-related bugs in rc3 (except the
lists.debian.org delay, if that can be called a bug), so I'd like to see
it stay.

Cheers!