Hi, Bdale Garbee wrote (04 Dec 2013 18:29:24 GMT) : > At our meeting in Eben's offices in Feb, dkg came up with really cute > hack for setting the system time in an initial set-up script by > acquiring the client system's sense of time from I think an SSL session > initiation packet. I'm not aware of that ever being publicly documented > or implemented in our stack, but it seemed like a really neat "hands > off" way to handle the set-the-time-on-first-boot problem without > relying on centralized infrastructure.
tlsdate (in Debian testing/sid) does just this. It is written by Jacob Appelbaum, who was on some FreedomBox technical board at some point IIRC. Sorry if it was mentioned already, I only read the list from time to time. I'm told that tlsdate has been installed by default on ChromeOS for a while (talking to Google servers, obviously). Drawbacks are that 1. you have to trust the TLS server you're talking to to give you the right time (and getting the right time is especially important for a system that uses Tor); 2. the way tlsdate talks to the TLS server * the selection of TLS server(s) you are using is fingerprintable (but hiding the fact that "hey, this system is a FreedomBox" isn't part of the current threat model, is it?). Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc _______________________________________________ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss