[tor-talk] [Tails-dev] secure and simple network time (hack)
Jacob Appelbaum
jacob at appelbaum.net
Fri Jul 20 13:44:21 UTC 2012
adrelanos:
> Jacob Appelbaum:
>>> If anything, TLS is much harder to get right (see issue #16 on
>>> GitHub, for instance — tlsdate is currently susceptible to a MITM
>>> attack).
>>
>> It's a work in progress, of course. I use it with a pinned CA, so
>> in such a case, users are not vulnerable to a MITM attack unless
>> one can get certs from that specific CA.
>
> Wouldn't it be better to get ride of all CAs? Rather pin the CA
> certificate of certain websites instant of pinning a CA?
>
Sure - practically this is the same thing - except, you might run a CA
yourself, with a rotating key on the server. The abstraction is nice as
it allows you to keep the trusted key offline.
I think adding an option to verify the leaf certificate's fingerprint,
rather than just the signature alone would be a fine idea.
Also, there is a TODO item that specifically addresses this with
TLSA/DANE/CAA but that relies on DNSSEC. DNSSEC is basically the CA
system done slightly differently, so, it depends a lot on what you mean
by "getting rid of all CAs" - Moxie has said a lot about this topic but
I suspect he's not on the list.
> And even if you use only a single source over TLS (pinned) as time
> source... How is it better than using a single authenticated NTP
> server over TCP?
I've never seen a system that shipped with authenticated NTP enabled.
I'm sure it has happened but generally, ntp is unauthenticated and is
run as a UDP service. I'd be interested to see a client configuration
that works over TCP and has strong integrity protection of the remote time.
All the best,
Jacob
More information about the tor-talk
mailing list