Extra Features to allow use in Anonymity-centric distro (Whonix) about tlsdate HOT 4 CLOSED

You're free to implement some kind of "distributed" trust if you want. There are hooks for notifications - see the dbus notify information.

I also don't want to gradually adjust the clock - what is the argument for that? I want tlsdate to slam the clock at boot before the network is even up - with the minimum date compiled into tlsdate. Are you suggest we adjtime there slowly?

from tlsdate.

You're free to implement some kind of "distributed" trust if you want.

Unfortunately I don't know how to code in C :( I understand its not a priority for you right now, but its kind of important for TAILS' trust model and ours where we want to run up the cost for an adversary seeking to influence a time source. Its the major point for adopting tlsdate.

There are hooks for notifications - see the dbus notify information.

Great I'll check it out.

I also don't want to gradually adjust the clock - what is the argument for that?

Sometimes we manually adjust the clock of a running vm after the host has been awoken from suspend after some time. We don't allow a vm to read the Host's wallclock to prevent this information being leaked to a malicious vm. When sdwdate runs, it moves the clock too much into past or future. This seems to confuse Tor which subsequently stops working. This mostly happens in these long running sessions.

When taking +/- X seconds and then gradually adjusting the time, this problem is ameliorated.

This would also increase security. (Against browser fingerprinting. - No more sudden clock jumps indicating that someone is a Whonix user.) At least until TCP sequence numbers are handled.

from tlsdate.

tlsdated handles this on ChromeOS and I believe it handles the suspend
case. Have you looked at it?

from tlsdate.

Ah that's good. Looks like you have everything covered then.

On the distributed trust topic let me ask you one question: Is it better to have 30 unpinned SSL friendly sources or just one trusted pinned domain like https://torproject.org? Our current solution is basic and doesn't natively support cert pinning like your does. I am concerned about our client side code parsing malicious replies fed by MITM'd connections than getting an incorrect time reading.
As a security professional, what in your opinion makes more sense?

I won't advocate for using the TPO website if you're concerned about traffic although it would be the best option nonetheless.

from tlsdate.