Re: [Tails-dev] [tor-talk] secure and simple network time (h…

Supprimer ce message

Répondre à ce message
Auteur: adrelanos
Date:  
À: tor-talk
CC: tails-dev
Nouveaux-sujets: Re: [Tails-dev] Tails' htpdate [Was: secure and simple network time (hack)]
Sujet: Re: [Tails-dev] [tor-talk] secure and simple network time (hack)
intrigeri:
> There are a few pieces of software called htpdate, and the one Tails
> uses only connects to HTTPS servers, and delegates to wget the X.509
> certificates validation:
> https://tails.boum.org/contribute/design/Time_syncing/#index3h2


Unfortunately wget (nor any other command line downloader) doesn't
support to pin the certificate of the website.
https://lists.gnu.org/archive/html/bug-wget/2012-07/msg00007.html

So it still depend on the flawed root CA system.

(Don't take this too harsh. Although there is space for improvement I
seriously consider adding tails_htp to aos. Thanks to the distributed
trust model, I think it's currently the safest method.)

> In addition, the pal/foe/neutral pool system Tails uses gives *some*
> protection against untrustworthy sources of time information, which
> limits what one can do with only a few illegitimate X.509 certificates
> they got from a "trusted" CA:
> https://tails.boum.org/contribute/design/Time_syncing/#index4h2


If I understand correctly, you pick three random servers. One from each
pool. And then build the mediate of the three.

What's the point of asking the foe pool? (Servers which generally do not
care about privacy.)

Why doesn't tails_htp ask more than three servers for the time and build
the mediate? Like 6, 9 or 12.