[tbb-bugs] #12999 [Tor Browser]: Use one clock skew per URL bar domain

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jan 29 04:52:23 UTC 2015

#12999: Use one clock skew per URL bar domain
     Reporter:                  |      Owner:  tbb-team
  arthuredelstein               |     Status:  new
         Type:  enhancement     |  Milestone:
     Priority:  normal          |    Version:
    Component:  Tor Browser     |   Keywords:  tbb-fingerprinting-time-skew
   Resolution:                  |  Parent ID:
Actual Points:                  |
       Points:                  |

Comment (by arthuredelstein):

 Replying to [comment:4 mikeperry]:
 > One thing that Arthur and I discussed today was adding some kind of
 > RELAY cell command to obtain the current time from the exit. In
 > retrospect, this also seems bad, because the exit could use this to lie to
 > you about the current time to get you to accept an expired or invalid SSL
 > cert, or to generally cause havoc on your notion of time for a webapp.

 Good point. I guess there needs to be a way to detect lying, perhaps by
 comparing to a time consensus. Though I'm not sure SSL cert validation
 needs to be using the exit node clock in any case.

 > Another option is to periodically run tlsdate-style time lookups using a
 > helper app independent from Tor, and use that for time. I think this may
 > actually be the sanest approach.

 I agree this would be a simpler approach. My concern with it is that the
 global system time on the client might have a skew that could be used to
 link identities across different circuits. The worst case would be a
 hostile time server. I also worry that an exit node imposing an arbitrary
 latency to timing messages from the time server could result in a
 detectable clock skew in the client.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12999#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
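
The concern in the comment above about an exit delaying time-server messages, as an added example (not from the ticket or from Tor Browser code): a request/response time lookup estimates the clock offset from the round-trip midpoint, so unequal delay in the two directions shifts the estimate by half the difference. The names `Sample`, `simulate` and `best_estimate` and all delay values are constructed for illustration.

```python
# Added illustration; names and numbers are constructed, not from Tor Browser.
from dataclasses import dataclass


@dataclass
class Sample:
    t_send: float    # client clock when the request left
    t_server: float  # timestamp reported by the time server
    t_recv: float    # client clock when the reply arrived

    @property
    def rtt(self):
        return self.t_recv - self.t_send

    @property
    def offset(self):
        # Assumes a symmetric path: the server stamped at the RTT midpoint.
        return self.t_server - (self.t_send + self.t_recv) / 2


def simulate(true_offset, fwd_delay, back_delay, t_send=1000.0):
    """Build the sample a client would record for the given one-way delays."""
    t_server = t_send + fwd_delay + true_offset
    return Sample(t_send, t_server, t_send + fwd_delay + back_delay)


def best_estimate(samples, max_error):
    """Use the lowest-RTT sample; refuse if its error bound is too wide.

    The midpoint estimate is off by (fwd - back) / 2, so |error| <= rtt / 2.
    A relay holding a message back inflates the RTT, which this check sees.
    """
    best = min(samples, key=lambda s: s.rtt)
    if best.rtt / 2 > max_error:
        return None  # no sample is tight enough to trust
    return best.offset


if __name__ == "__main__":
    honest = simulate(true_offset=0.0, fwd_delay=0.25, back_delay=0.25)
    delayed = simulate(true_offset=0.0, fwd_delay=0.25, back_delay=3.25)
    print("honest offset :", honest.offset, "rtt", honest.rtt)
    print("delayed offset:", delayed.offset, "rtt", delayed.rtt)
    print("delayed only  :", best_estimate([delayed], max_error=0.5))
    print("both samples  :", best_estimate([delayed, honest], max_error=0.5))
```

The client's clock is correct in both runs; only the return-path delay differs, and the delayed sample alone would apply a 1.5 second correction in the wrong direction.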
