Hi,
Ideas ([0] and [1]) about a more resilient htpdate were implemented in
feature/more_resilient_htpdate, debugged and tested.
The main thing left to do is to make our pools bigger, and this is why
I'm writing here.
For every pool (trusted, distrusted, neutral) we need more hostnames.
Suggestions are most welcome.
Each hostname must satisfy the following conditions:
* serve https://
* support TLSv1
* use a SSL certificate that makes wget happy (beware of certificate
name mismatches) in Debian stable
* give out a Date: header
* be stable and reliable
Here's how to test:
$ wget --no-cache -e robots=off --secure-protocol TLSv1 \
--spider --server-response https://$HOSTNAME
[0]
https://tails.boum.org/todo/more_resilient_htpdate/
[1]
https://tails.boum.org/todo/more_resilient_htpdate_pool/
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
| Then we'll come from the shadows.
