Re: [Tails-dev] Why doesn't Tails use tlsdate? (htp replacem…

Supprimer ce message

Répondre à ce message
Auteur: intrigeri
Date:  
À: proper
CC: The Tails public development discussion list
Sujet: Re: [Tails-dev] Why doesn't Tails use tlsdate? (htp replacement)
Hi,

proper@??? wrote (06 Jun 2012 01:15:55 GMT) :
> Why doesn't Tails use tlsdate, made by Jacob Appelbaum? [1] [2]


> Wouldn't it be a good replacement for htp?


Because it's not clear at all where, and how it could fit into,
replace or improve the current time sync' system we already have:
https://tails.boum.org/contribute/design/Time_syncing/

I had difficulties communicating on this topic with Jacob on IRC, so
I told him I will have a serious look once he makes this point clear.

tlsdate could be a good replacement for HTP once it has the features
we need (e.g. our three-pools design) -- OTOH, another options could
be to keep our existing htpdate wrapper (that implements the clever
bits), and merely replace wget + header parsing in there with tlsdate.
In this context, tlsdate communication would go through Tor.

However, it *seems* to me Jacob was suggesting us to run tlsdate in
the clear, that is without going through Tor; hence the question
I raised about the network fingerprint of this tool, unanswered as of
today (see <85sjgwz3kw.fsf@???> on tor-talk). I'm worried running
tlsdate in the clear would get us back to the "Tails leaves a clear
bootstrap network fingerprint" old days we have managed to escape with
our current time sync' system.