Comments (4)
You're free to implement some kind of "distributed" trust if you want. There are hooks for notifications - see the dbus notify information.
I also don't want to gradually adjust the clock - what is the argument for that? I want tlsdate to slam the clock at boot before the network is even up - with the minimum date compiled into tlsdate. Are you suggest we adjtime there slowly?
from tlsdate.
You're free to implement some kind of "distributed" trust if you want.
Unfortunately I don't know how to code in C :( I understand its not a priority for you right now, but its kind of important for TAILS' trust model and ours where we want to run up the cost for an adversary seeking to influence a time source. Its the major point for adopting tlsdate.
There are hooks for notifications - see the dbus notify information.
Great I'll check it out.
I also don't want to gradually adjust the clock - what is the argument for that?
Sometimes we manually adjust the clock of a running vm after the host has been awoken from suspend after some time. We don't allow a vm to read the Host's wallclock to prevent this information being leaked to a malicious vm. When sdwdate runs, it moves the clock too much into past or future. This seems to confuse Tor which subsequently stops working. This mostly happens in these long running sessions.
When taking +/- X seconds and then gradually adjusting the time, this problem is ameliorated.
This would also increase security. (Against browser fingerprinting. - No more sudden clock jumps indicating that someone is a Whonix user.) At least until TCP sequence numbers are handled.
from tlsdate.
tlsdated handles this on ChromeOS and I believe it handles the suspend
case. Have you looked at it?
from tlsdate.
Ah that's good. Looks like you have everything covered then.
On the distributed trust topic let me ask you one question: Is it better to have 30 unpinned SSL friendly sources or just one trusted pinned domain like https://torproject.org? Our current solution is basic and doesn't natively support cert pinning like your does. I am concerned about our client side code parsing malicious replies fed by MITM'd connections than getting an incorrect time reading.
As a security professional, what in your opinion makes more sense?
I won't advocate for using the TPO website if you're concerned about traffic although it would be the best option nonetheless.
from tlsdate.
Related Issues (20)
- Long options with arguments don't accept arguments HOT 1
- Test for BIG/LITTLE ENDIAN in test-bio.c
- Time
- minor building issues on debian testing HOT 2
- Sandboxing on other platforms HOT 1
- Tlsdate has no installation candidate HOT 2
- Make tlsdate read proxy environment variables if present
- tlsdate fails to build with openssl-1.1 (new API) HOT 1
- TLS 1.3
- tlsdate-0.0.13 fails to compile with libressl-2.5.0 HOT 1
- Help: How can I disable automatic start of tlsdated? HOT 3
- How do I embed tlsdate into a C++ application? Is there any sort of "libtlsdate"?
- Why times are all different? Only "google.com" returns accurate time! HOT 2
- By default tlsdate uses the non-standard 'nogroup' group
- [EXPIRED] Windows binary
- Last commit 2015, is this project dead? HOT 11
- compile error on raspberrypi HOT 1
- Compile error
- Make error in ubuntu 18.04 HOT 1
- where to find tlsdate servers? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from tlsdate.