Re: [Tails-dev] [tor-talk] secure and simple network time …

Supprimer ce message

Répondre à ce message
Auteur: adrelanos
Date:  
À: The Tails public development discussion list
CC: tor-talk, Elly Fong-Jones
Sujet: Re: [Tails-dev] [tor-talk] secure and simple network time (hack)
Jacob Appelbaum:
> Elly Fong-Jones:
>> On Tue, Apr 16, 2013 at 01:03:27PM +0200, intrigeri wrote:
>>> Hi Jacob and Elly,
>>>
>>> Thanks for your answers! See more questions bellow.
>>>
>>> Jacob Appelbaum wrote (11 Apr 2013 06:56:18 GMT) :
>>>> Basically - tlsdate in Tails would be a minor set of users compared to
>>>> the much larger user base of ChromeOS.
>>>
>>> Sure.
>>>
>>> I doubt we can blend in this "anonymity" set, though: unless Tails
>>> wants to forever copy the set of hosts ChromeOS queries (which I don't
>>> think we would want to rely upon on the long run), then Tails' use of
>>> tlsdate will probably be fingerprintable at least by the ISP if the
>>> connections are made in the clear, so we probably would want to run
>>> tlsdate over Tor anyway.
>>
>> Even if not, there are other easyish ways to distinguish a Chrome OS

device,
>> such as the autoupdate behavior.


Good point. Running tlsdate in the clear will therefore be
fingerprintable and subsequently the whole client could get blocked in
censored areas.

What could be the solution? I don't know. Can there be ever any network
time sync solution which works in the clear?

If many distributions jump on the tlsdate train by shipping tlsdate by
default, that may help?

>From ntp* manpage:

"ntpd adjusts the clock in small steps so that the timescale is
effectively continuous and without discontinuities"

I haven't had any issues without that feature and therefore don't miss
it. My speculation is, that mainstream distributions may care more.

> I assume over time one would be able to distinguish it - though we
> mostly care about getting a correct clock and then if someone tries to
> guess our OS, we might be fine with them then filtering us or trying to
> attack us. However, if we haven't set our clock correctly, we might have
> some issues with actual attacks like replaying a consensus, etc.


This is a difficult topic, I hate being a nitpicker, don't have all the
answers, but must say...

Distinguishing the operating system should be prevented if somehow
possible: otherwise achievements made by pluggable transports wouldn't
last long.