Re: [Tails-dev] [tor-talk] secure and simple network time (h…

Delete this message

Reply to this message
Autore: intrigeri
Data:  
To: Jacob Appelbaum
CC: tor-talk, tails-dev
Oggetto: Re: [Tails-dev] [tor-talk] secure and simple network time (hack)
Hi,

Jacob Appelbaum wrote (19 Jul 2012 23:48:48 GMT) :
> The key difference with htpdate is that one has a cryptographic
> signature. I'll take a subset of possible MITM attackers over fully
> trusting something that anyone could MITM.


I think this is wrong in the context of Tails.

There are a few pieces of software called htpdate, and the one Tails
uses only connects to HTTPS servers, and delegates to wget the X.509
certificates validation:
https://tails.boum.org/contribute/design/Time_syncing/#index3h2

In addition, the pal/foe/neutral pool system Tails uses gives *some*
protection against untrustworthy sources of time information, which
limits what one can do with only a few illegitimate X.509 certificates
they got from a "trusted" CA:
https://tails.boum.org/contribute/design/Time_syncing/#index4h2

Thanks a lot for your detailed answer!
I'll think about the rest later.

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc