Re: [Tails-dev] Risks of enabled/disabled TCP timestamps?

Delete this message

Reply to this message
Autore: intrigeri
Data:  
To: The Tails public development discussion list
Vecchi argomenti: Re: [Tails-dev] Risks of enabled/disabled TCP timestamps?
Oggetto: Re: [Tails-dev] Risks of enabled/disabled TCP timestamps?
Hi,

I was a bit sad that the TCP timestamps thing went nowhere, after the
energy we've put into discussing it, so I've built an ISO with the
corresponding branch merged in, and successfully run the automated
test suite on it. So, at least we now know it doesn't break too much
stuff in obvious ways. Good!

But that's not enough to merge this branch:

intrigeri wrote (07 Jan 2014 23:12:31 GMT) :
>>> I'll come back to you and Jacob for the design doc phrasing, as I'm
>>> still not convinced we can put statements as bold as "tracking the
>>> clock down to the millisecond" in there, without thinking a bit about
>>> how an attacker is affected by the network lag between the time a TCP
>>> timestamp was created, and the time when they get to see the packet.


>>> I mean, I'm weak at stats and all and you probably know better, but
>>> learning that "some unknown time ago, the system clock was T with
>>> a millisecond precision" does not really give me the current system
>>> clock with a millisecond precision, does it?


>> This still needs some input.


> Now known as #6581.


This is still waiting for some input from those who are confident that
disabling TCP timestamps buys us much, and feel able to phrase it in
a way that's suitable for our design doc. Once we have that phrasing,
I volunteer to integrate it into the design doc and propose a branch.

Any taker?

Cheers,
--
intrigeri