Re: [Tails-dev] [tor-talk] secure and simple network time (h…

Author: Jacob Appelbaum
Date:  
To: The Tails public development discussion list
CC: tor-talk
Subject: Re: [Tails-dev] [tor-talk] secure and simple network time (hack)
intrigeri:
> Hi,
>
> Jacob Appelbaum wrote (19 Jul 2012 23:48:48 GMT) :
>> intrigeri:
>>> So, Jake tells me that ChromeOS will use tlsdate by default, and that
>>> this should solve the fingerprinting issue. Therefore, I assume this
>>> implicitly answers the (half-rhetorical, I admit) question I asked in
>>> March, and I assume there is indeed some fingerprinting issue. So, in
>>> the following I'll assume it's relatively easy, for a close network
>>> adversary (say, my ISP) to detect that I'm using tlsdate.
>>>
>
>> It isn't shipping yet, so we'll see what happens.
>
> I'm told ChromeOS ships it nowadays, so I'm excited at the idea to
> learn more about it, so that we can move forward a bit about the
> fingerprinting issue.


It does indeed - their network time document is here:

https://docs.google.com/a/chromium.org/document/d/1ylaCHabUIHoKRJQWhBxqQ5Vck270fX7XCWBdiJofHbU/edit

>
> I was not able to find any authoritative information about how they
> run it. Their time sources [1] design doc is quite clearly outdated.
> Where can I find up-to-date information on this topic? I assume one of
> the dozens of Chromium Git repositories [2], but which one?
>
> [1] http://www.chromium.org/developers/design-documents/time-sources
> [2] http://git.chromium.org/gitweb/
>


Basically - tlsdate in Tails would be a minor set of users compared to
the much larger user base of ChromeOS.

I've also just updated the INSTALL file to document the different places
that git-master of tlsdate works:

Debian Gnu/Linux 6.0.7
Ubuntu 11.04, 12.04, 12.10
CentOS 6.2, 6.3
Fedora 17, 18
RedHat Enterprise Server 6.4
OpenSUSE 11.2, 12.3
FreeBSD 10-CURRENT
Mac OS X 10.8.2, 10.8.3
ChromeOS 26.0.x.x, 27.0.x.x (tlsdate is part of the ChromeOS TCB!)

I'd like to settle on a list of hosts that it uses by default which may
include a Google host or not. I haven't yet decided.

All the best,
Jacob