[tor-talk] [Tails-dev] secure and simple network time (hack)
adrelanos
adrelanos at riseup.net
Fri Jul 20 12:59:59 UTC 2012
Jacob Appelbaum:
>> If anything, TLS is much harder to get right (see issue #16 on
>> GitHub, for instance — tlsdate is currently susceptible to a MITM
>> attack).
>
> It's a work in progress, of course. I use it with a pinned CA, so
> in such a case, users are not vulnerable to a MITM attack unless
> one can get certs from that specific CA.
Wouldn't it be better to get ride of all CAs? Rather pin the CA
certificate of certain websites instant of pinning a CA?
And even if you use only a single source over TLS (pinned) as time
source... How is it better than using a single authenticated NTP
server over TCP?
More information about the tor-talk
mailing list