[tor-talk] [Tails-dev] secure and simple network time (hack)
adrelanos
adrelanos at riseup.net
Fri Jul 20 14:18:13 UTC 2012
Jacob Appelbaum:
> I think adding an option to verify the leaf certificate's
> fingerprint, rather than just the signature alone would be a fine
> idea.
Yes, then we could ask eff, tpo and similar ones about their policy to
change the certificates. If we pin their certificates, we don't have
to trust any CAs.
> so, it depends a lot on what you mean by "getting rid of all CAs"
In this particular discussion I meant "no need to use any CAs". (In
general I would be happy to see a widespread replacement for the CAs
as a whole.)
>> And even if you use only a single source over TLS (pinned) as
>> time source... How is it better than using a single authenticated
>> NTP server over TCP?
>
> I've never seen a system that shipped with authenticated NTP
> enabled.
It doesn't exist, unfortunately. It's also a critical security
vulnerability in all major operating systems, not only for Tor users,
for anyone. No one cares as long as no one uses it for a big
scale attack. If an attacker moves back the time several years he can
use revoked certificates.
> I'm sure it has happened but generally, ntp is unauthenticated and
> is run as a UDP service.
Yes.
> I'd be interested to see a client configuration that works over TCP
> and has strong integrity protection of the remote time.
It's certainly possible but almost no one is using it. I found two
guides about adding authentication to NTP.
https://ntp3.sp.se/howto.html
http://support.ntp.org/bin/view/Support/ConfiguringAutokey
(Over TCP is possible as well, Google tells.)
As Tails pointed out...
https://tails.boum.org/todo/authenticate_time_servers/
https://tails.boum.org/contribute/design/Time_syncing/
The system cannot be adapted since you will have a hard time finding
public, free NTP servers which support authenticated NTP. And even if
you find a few, you cannot rely on a small number of servers. A
big pool is required for distributed trust.
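As an added illustration of the points raised in this message (it is not code from the thread, from Tails or from tlsdate), the following Python sketch shows the three checks discussed: pinning the leaf certificate's SHA-256 fingerprint so no CA has to be trusted, rejecting a reported time that lies before a build-time floor (the "move the clock back several years" case), and only accepting a time when a majority of independent sources agree (the "distributed trust" point). The DER bytes, the HTTP response and the BUILD_TIME value are constructed placeholders; the live fetch_pinned_time function needs network access and is only called when the module is run directly.

```python
"""Added example, not from the tor-talk/Tails thread: pinned-certificate
time fetching with a rollback floor and multi-source agreement."""
import hashlib
import hmac
import socket
import ssl
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Assumption: a floor set at build/release time. Any remote time earlier
# than this is treated as a rollback attempt and rejected.
BUILD_TIME = datetime(2012, 7, 1, tzinfo=timezone.utc)

# Constructed placeholder bytes standing in for a DER-encoded leaf cert.
SAMPLE_DER = b"\x30\x82\x01\x0a" + b"constructed-placeholder-leaf-cert" * 4
# Constructed HTTP response head carrying a Date header.
SAMPLE_RESPONSE = (b"HTTP/1.0 200 OK\r\n"
                   b"Date: Fri, 20 Jul 2012 14:18:13 GMT\r\n"
                   b"Server: placeholder\r\n\r\n")


def sha256_fingerprint(der_cert: bytes) -> str:
    """Hex SHA-256 over the DER certificate, i.e. the value that
    `openssl x509 -fingerprint -sha256` prints, without the colons."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pinned_hex: str) -> bool:
    """Compare the presented leaf certificate against a pinned fingerprint.
    Colons and case are normalised; the comparison is constant-time."""
    expected = pinned_hex.replace(":", "").lower()
    return hmac.compare_digest(sha256_fingerprint(der_cert), expected)


def parse_date_header(raw_head: bytes):
    """Extract the Date header from a raw HTTP response head as an aware
    UTC datetime; return None if it is missing or unparseable."""
    for line in raw_head.split(b"\r\n"):
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"date":
            try:
                dt = parsedate_to_datetime(value.strip().decode("ascii"))
            except (ValueError, TypeError, UnicodeDecodeError):
                return None
            if dt.tzinfo is None:          # older Pythons return naive
                dt = dt.replace(tzinfo=timezone.utc)
            return dt.astimezone(timezone.utc)
    return None


def time_is_plausible(remote: datetime) -> bool:
    """Reject any reported time before the build-time floor, so an
    attacker cannot push the clock back into a revoked cert's lifetime."""
    return remote >= BUILD_TIME


def consensus_time(samples, tolerance=timedelta(minutes=5)):
    """Median of several independent sources, accepted only when a
    majority agree with it within `tolerance`; fails closed otherwise."""
    if len(samples) < 3:
        return None
    ordered = sorted(samples)
    median = ordered[len(ordered) // 2]
    agreeing = [s for s in ordered if abs(s - median) <= tolerance]
    return median if len(agreeing) * 2 > len(ordered) else None


def fetch_pinned_time(host: str, pinned_hex: str, port: int = 443):
    """Live variant (needs network): connect over TLS, enforce the pin on
    the leaf certificate in addition to the default chain check, issue a
    HEAD request and return the server's Date header."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            if not pin_matches(tls.getpeercert(binary_form=True), pinned_hex):
                raise ssl.SSLError("leaf certificate does not match pin")
            tls.sendall(f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
            head = b""
            while b"\r\n\r\n" not in head:
                chunk = tls.recv(4096)
                if not chunk:
                    break
                head += chunk
    remote = parse_date_header(head)
    if remote is None or not time_is_plausible(remote):
        raise ValueError("no usable Date header from %s" % host)
    return remote


if __name__ == "__main__":
    print("pin ok:", pin_matches(SAMPLE_DER, sha256_fingerprint(SAMPLE_DER)))
    print("date:", parse_date_header(SAMPLE_RESPONSE))
```

The pin is checked on top of the default chain validation here rather than instead of it, so a mis-issued certificate from any CA still fails the pin; dropping chain validation entirely would be the "no CAs at all" variant the message mentions and only changes the context setup. consensus_time is what turns a handful of pinned sources into distributed trust: one rolled-back or lying source is outvoted, and with too few sources it returns None rather than guessing.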