[tor-talk] [Tails-dev] secure and simple network time (hack)

Elly Fong-Jones elly at leptoquark.net
Tue Apr 16 14:19:33 UTC 2013 

On Tue, Apr 16, 2013 at 01:03:27PM +0200, intrigeri wrote:
> Hi Jacob and Elly,
> 
> Thanks for your answers! See more questions bellow.
> 
> Jacob Appelbaum wrote (11 Apr 2013 06:56:18 GMT) :
> > Basically - tlsdate in Tails would be a minor set of users compared to
> > the much larger user base of ChromeOS.
> 
> Sure.
> 
> I doubt we can blend in this "anonymity" set, though: unless Tails
> wants to forever copy the set of hosts ChromeOS queries (which I don't
> think we would want to rely upon on the long run), then Tails' use of
> tlsdate will probably be fingerprintable at least by the ISP if the
> connections are made in the clear, so we probably would want to run
> tlsdate over Tor anyway.

Even if not, there are other easyish ways to distinguish a Chrome OS device,
such as the autoupdate behavior.

> So, I'm now considering this (tlsdate over Tor) to replace our use of
> htpdate, and not to replace our initial time guess based on the Tor
> consensus [1].
> 
> [1] https://tails.boum.org/contribute/design/Time_syncing/#index3h1
> 
> > I'd like to settle on a list of hosts that it uses by default which may
> > include a Google host or not. I haven't yet decided.
> 
> OK.
> 
> Jacob, are you interested in implementing something like our current
> multiple pool -based approach [2], or something else with similar
> security properties? If Tails wants to move to tlsdate some day,
> I guess a prerequisite would be not to lose the nice security
> properties this approach currently gives us.
>
> [2] https://tails.boum.org/contribute/design/Time_syncing/#index4h2
> 
> Elly Fong-Jones wrote (08 Apr 2013 03:06:02 GMT) :
> > The (slightly outdated now) time-sources design doc is here:
> > <https://docs.google.com/a/chromium.org/document/d/1ylaCHabUIHoKRJQWhBxqQ5Vck270fX7XCWBdiJofHbU/edit>
> 
> Elly, is this design doc correct that tlsdate queries
> clients3.google.com only in ChromeOS?

Correct.

> (Given you implemented the multi-host feature, I'd be surprised that
> you don't use it, but I could not find what /etc/tlsdate/tlsdated.conf
> ChromeOS is using, so I don't know.)

We are supposed to be using it, but are not yet. Open bug :)

> Cheers,
> --
>   intrigeri
>   | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
>   | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc

-- elly
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20130416/d1386712/attachment.pgp>

More information about the tor-talk mailing list