I don't really understand your reservation about this project. It's reasonable
to want authenticated time to a non-webserver of ones choice. Depending on
your environment, tlsdate is complementary to the various other
programs. You can (and will) use whatever you decide fits your needs,
but please don't disparage a valid project because it segfaults "after a
while". It's a work-in-progress, better to contribute useful information
than complain.
On Fri, Apr 12, 2013 at 02:43:13PM +0300, Maxim Kammerer wrote:
> On Fri, Jul 20, 2012 at 3:07 AM, Jacob Appelbaum <jacob@???> wrote:
> > Allow me to be very explicit: it is harder to parse an HTTP Date header
> > than properly than casting a 32bit integer and flipping their order. The
> > attack surface is very small and easy to audit.
>
> Just discovered that tlsdated in tlsdate-0.0.6 is dying with a
> segmentation fault after a while. Not surprised after seeing the code
> — my experimentation with this gimmick is finally over. Turns out that
> “throw something together and wait for patches” is not a sound
> development approach.
>
> --
> Maxim Kammerer
> Liberté Linux: http://dee.su/liberte
> _______________________________________________
> tor-talk mailing list
> tor-talk@???
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
