Re: [Tails-dev] Tails htpdate - why use time information fro…

Nachricht löschen

Nachricht beantworten
Autor: intrigeri
Datum:  
To: The Tails public development discussion list
Alte Treads: [Tails-dev] Tails htpdate - why use time information from neutral and foe pools?
Betreff: Re: [Tails-dev] Tails htpdate - why use time information from neutral and foe pools?
Hi,

[sorry for the delay...]

Disclaimer: I've not thought of this very hard, and I lack the
theoretical background to reason about it in formal terms.

Patrick Schleizer wrote (28 Aug 2014 14:42:55 GMT) :
> Even if they don't agree to send fake time information, I don't
> understand why connecting to a foe/hostile server and using their time
> information is any useful.


I think our design doc is putting too much weight on the pal/foe
naming (and in turn, quite logically, you are too :)

IMO, the idea is to get different pools of servers so that those
picked from one pool are unlikely to plot with those from other pools
against Tails users.

> I can't think of another area in which asking a hostile for advice is a
> good idea. Maybe "if friend and foe both agree, you can be confident
> that they're right; if they disagree, look further" - but that's not
> what Tails htpdate is doing.


Indeed, it should probably discard information that is diverging too
much from what others tell us. Care to file a "research" ticket
about it?

> Or asked the other way around:
> How much worse would you be off if basically, Tails htpdate would pick
> three random servers from the pal pool, and then build the mediate of
> the three advertised dates.


Intuitively, I think it would put too much weight on the trust we have
in the servers that are in the "pal" pool. But again, I may very well
be wrong.

Cheers,
--
intrigeri