System time in anonymity oriented LiveCDs

intrigeri intrigeri at
Wed Jan 5 19:56:38 UTC 2011


Jordi Espasa Clofent wrote (03 Jan 2011 16:48:10 GMT) :
> What about this

After reading this page quite quickly, it seems to me this NTP autokey
feature is a way to secure exchanges between a given NTP server you
manage and some clients you provide SSL client certs with.

Although this seems to be working for authenticating the NTP server,
this also has the severe drawback (in the Live system context this
discussion arises from) of:

  - forcing the Live system's authors, or someone else, to run a
    dedicated NTP server
  - allowing a "local" attacker (say, an ISP) to very easily
    fingerprint this Live system's users based on the fact they send
    NTP (+autokey) requests to this special NTP server.

Am I mistaken?

  intrigeri <intrigeri at>
  | GnuPG key @
  | OTR fingerprint @
  | If you must label the absolute, use it's proper name: Temporary.
To unsubscribe, send an e-mail to majordomo at with
unsubscribe or-talk    in the body.

More information about the tor-talk mailing list