Re: [Tails-dev] secure and simple network time (hack)

Borrar esta mensaxe

Responder a esta mensaxe
Autor: adrelanos
Data:  
CC: tor-talk, The Tails public development discussion list
Asunto: Re: [Tails-dev] secure and simple network time (hack)
Jacob Appelbaum:
> adrelanos:
>> Jacob Appelbaum:
>>> If I were to reinvent the wheel without having read any of tordate's
>>> source, I would:
>>>
>>>   open the consensus or the cached-microdescs
>>>    parse the absolute minimum time
>>>   stat the respective file to see the last possible atime/mtime/ctime
>>>   pick the later time of the two
>>>   jump the clock forward again

>>
>> What in case the directory authority is not reachable (censored area)?
>>
>
> Well, if we have a file on the disk, we don't even have to touch the
> network to jump the clock, right?


I must admit I am the over thinking type. Three cases. One appears
unsolved to me.

1) there is a file on disk -> no consensus parser required
2) there is no file on disk; Tor directory authority available -> parse
consensus
3) there is no file on disk; Tor directory authority is not reachable -> ?

How likely is it that there is no file on disk and that Tor directory
authority is not reachable? I have no idea, just thought, if it isn't a
likely use case, you wouldn't think about a consensus parser.

>> Is the parasitic approach future proof anyway? Won't that cost the
>> remote server admins cpu load and traffic?
>
> Probably and probably not?


I don't know.

>>
>> What if the remote server admins install some "intelligent" filter,
>> which blocks Tor? (for other unrelated spam/ddos issues)
>
> Which server admins? People offering TLS?


The admins of the servers which tlsdate contacts, i.e. top 100 alexa or
whatever hosts you may pick.)

>>
>> Why trust and get the time of some remote server admins who are not
>> really willing to run a network time server? They most likely get their
>> own time over unauthenticated NTP. Getting time from TLS is more a hack
>> than a replacement for non-existing tcp, authenticated and distributed NTP.
>>
>
> Yeah, I'm aware. Really, well aware. People keep telling me over and
> over again


I apologize, very sorry for my wording and didn't want to join that, in
fact very happy about ANY kind of improvements in the network time sync
area.

<snipped the other parts where I agree and have nothing to add>

Cheers,
adrelanos