Hi!
I've got a question for Tails' design regarding to HTP source pools [1].
> [...] The HTP pools used by Tails are based on stable and reliable
webservers that get great amounts of traffic. They are categorized into
three different pools according to their members' relationship to the
members in the other pools; any member in a one pool should be unlikely
to share logs (or other identifying data), or to agree to send fake time
information, with a member from the the other pools. The pools are as
follows:
> - The "pal" pool are run by groups that are likely to take great care
of their visitors' privacy.
> - The "foe" pool are managed by adversaries of the "pal" pool.
> - The "neutral" pool members have a neutral raltionship to both the
"pal" and "foe" pool. [...]
Even if they don't agree to send fake time information, I don't
understand why connecting to a foe/hostile server and using their time
information is any useful.
Why would you for example trust nsa.gov to share legit time information?
If you assume the time information by nsa.gov might be malicious in any
way in your opinion, and you'd probably express that opinion by adding
the to the foe pool, why bother asking them?
How can their time opinion be any useful for getting a good time guess?
I can't think of another area in which asking a hostile for advice is a
good idea. Maybe "if friend and foe both agree, you can be confident
that they're right; if they disagree, look further" - but that's not
what Tails htpdate is doing.
Or asked the other way around:
How much worse would you be off if basically, Tails htpdate would pick
three random servers from the pal pool, and then build the mediate of
the three advertised dates.
Cheers,
Patrick
[1]
https://tails.boum.org/contribute/design/Time_syncing/