Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2013-04-18 Thread adrelanos
Jacob Appelbaum: > adrelanos: >> Jacob Appelbaum: >>> adrelanos: > > We already fail this test, no? Not necessarily. This is a difficult question. >>> >>> Tor does not hide that you are using Tor >> >> Yes, but... While making this point up, I saw pluggable transports as a >>

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2013-04-18 Thread Jacob Appelbaum
Maxim Kammerer: > On Thu, Apr 18, 2013 at 1:18 AM, Jacob Appelbaum wrote: >> Whenever a less friendly person gives me a hard time about the obvious >> futility of tlsdate, I think: >> >> "Let me know how your ntp replacement project goes and I'll gladly use >> it when my shitty one trick pony isn'

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2013-04-18 Thread Jacob Appelbaum
adrelanos: > Jacob Appelbaum: >> adrelanos: We already fail this test, no? >>> >>> Not necessarily. This is a difficult question. >>> >> >> Tor does not hide that you are using Tor > > Yes, but... While making this point up, I saw pluggable transports as a > tool which can be thrown into

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2013-04-18 Thread Maxim Kammerer
On Thu, Apr 18, 2013 at 1:18 AM, Jacob Appelbaum wrote: > Whenever a less friendly person gives me a hard time about the obvious > futility of tlsdate, I think: > > "Let me know how your ntp replacement project goes and I'll gladly use > it when my shitty one trick pony isn't beating the pants off

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2013-04-17 Thread Jacob Appelbaum
adrelanos: > Jacob Appelbaum: >> Elly Fong-Jones: >>> On Tue, Apr 16, 2013 at 01:03:27PM +0200, intrigeri wrote: Hi Jacob and Elly, Thanks for your answers! See more questions below. Jacob Appelbaum wrote (11 Apr 2013 06:56:18 GMT) : > Basically - tlsdate in Tails woul

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2013-04-17 Thread Jacob Appelbaum
adrelanos: >> >> We already fail this test, no? > > Not necessarily. This is a difficult question. > Tor does not hide that you are using Tor and using Tails or Whonix is an example of a system only emitting Tor traffic. It depends on your threat model but generally, we'd just making up "someone

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2013-04-17 Thread Jacob Appelbaum
intrigeri: > Hi, > > adrelanos wrote (17 Apr 2013 19:33:23 GMT) : >> Why not build the required features into Tor itself? > > (Let's assume this is no rhetorical question.) > > My best guess is that nobody had 1. enough interest in this topic; 2. > the right set of skills; 3. enough free time. I

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2013-04-17 Thread adrelanos
Jacob Appelbaum: > adrelanos: >>> >>> We already fail this test, no? >> >> Not necessarily. This is a difficult question. >> > > Tor does not hide that you are using Tor Yes, but... While making this point up, I saw pluggable transports as a tool which can be thrown into the mix and make this a n

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2013-04-17 Thread adrelanos
Jacob Appelbaum: > adrelanos: >> Jacob Appelbaum: >>> Elly Fong-Jones: On Tue, Apr 16, 2013 at 01:03:27PM +0200, intrigeri wrote: > Hi Jacob and Elly, > > Thanks for your answers! See more questions below. > > Jacob Appelbaum wrote (11 Apr 2013 06:56:18 GMT) : >> Basic

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2013-04-17 Thread adrelanos
Jacob Appelbaum: > Elly Fong-Jones: >> On Tue, Apr 16, 2013 at 01:03:27PM +0200, intrigeri wrote: >>> Hi Jacob and Elly, >>> >>> Thanks for your answers! See more questions below. >>> >>> Jacob Appelbaum wrote (11 Apr 2013 06:56:18 GMT) : Basically - tlsdate in Tails would be a minor set of u

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2013-04-17 Thread intrigeri
Hi, adrelanos wrote (17 Apr 2013 19:33:23 GMT) : > Why not build the required features into Tor itself? (Let's assume this is no rhetorical question.) My best guess is that nobody had 1. enough interest in this topic; 2. the right set of skills; 3. enough free time. In my experience, this is a c

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2013-04-17 Thread Jacob Appelbaum
intrigeri: > Hi, > > Jacob Appelbaum wrote (17 Apr 2013 08:58:32 GMT) : >> What version of htpdate are you shipping currently? > > This is documented there: > https://tails.boum.org/contribute/design/Time_syncing/#index2h2 > OK, so the perl version initially made me a lot less concerned - that

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2013-04-17 Thread Jacob Appelbaum
intrigeri: > Jacob, are you interested in implementing something like our current > multiple pool -based approach [2], or something else with similar > security properties? What version of htpdate are you shipping currently? I've just been reading the source for htpdate-1.0.4 - is that the right v

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2013-04-17 Thread intrigeri
Hi, Jacob Appelbaum wrote (17 Apr 2013 08:58:32 GMT) : > What version of htpdate are you shipping currently? This is documented there: https://tails.boum.org/contribute/design/Time_syncing/#index2h2 Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2013-04-17 Thread Jacob Appelbaum
Hi, intrigeri: > Hi Jacob and Elly, > > Thanks for your answers! See more questions below. > > Jacob Appelbaum wrote (11 Apr 2013 06:56:18 GMT) : >> Basically - tlsdate in Tails would be a minor set of users compared to >> the much larger user base of ChromeOS. > > Sure. > > I doubt we can bl

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2013-04-17 Thread Jacob Appelbaum
Elly Fong-Jones: > On Tue, Apr 16, 2013 at 01:03:27PM +0200, intrigeri wrote: >> Hi Jacob and Elly, >> >> Thanks for your answers! See more questions below. >> >> Jacob Appelbaum wrote (11 Apr 2013 06:56:18 GMT) : >>> Basically - tlsdate in Tails would be a minor set of users compared to >>> the m

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2013-04-16 Thread Elly Fong-Jones
On Tue, Apr 16, 2013 at 01:03:27PM +0200, intrigeri wrote: > Hi Jacob and Elly, > > Thanks for your answers! See more questions below. > > Jacob Appelbaum wrote (11 Apr 2013 06:56:18 GMT) : > > Basically - tlsdate in Tails would be a minor set of users compared to > > the much larger user base o

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2013-04-16 Thread intrigeri
Hi Jacob and Elly, Thanks for your answers! See more questions below. Jacob Appelbaum wrote (11 Apr 2013 06:56:18 GMT) : > Basically - tlsdate in Tails would be a minor set of users compared to > the much larger user base of ChromeOS. Sure. I doubt we can blend in this "anonymity" set, though:

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2013-04-14 Thread Jacob Appelbaum
Maxim Kammerer: > On Fri, Jul 20, 2012 at 3:07 AM, Jacob Appelbaum wrote: >> Allow me to be very explicit: it is harder to parse an HTTP Date header >> than properly than casting a 32bit integer and flipping their order. The >> attack surface is very small and easy to audit. > > Just discovered t

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2013-04-14 Thread Jacob Appelbaum
Elly Jones: > On Fri, Apr 12, 2013 at 02:43:13PM +0300, Maxim Kammerer wrote: >> On Fri, Jul 20, 2012 at 3:07 AM, Jacob Appelbaum wrote: >>> Allow me to be very explicit: it is harder to parse an HTTP Date header >>> than properly than casting a 32bit integer and flipping their order. The >>> atta

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2013-04-12 Thread Matthew Finkel
I don't really understand your reservation about this project. It's reasonable to want authenticated time to a non-webserver of one's choice. Depending on your environment, tlsdate is complementary to the various other programs. You can (and will) use whatever you decide fits your needs, but please

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2013-04-12 Thread Elly Jones
On Fri, Apr 12, 2013 at 02:43:13PM +0300, Maxim Kammerer wrote: > On Fri, Jul 20, 2012 at 3:07 AM, Jacob Appelbaum wrote: > > Allow me to be very explicit: it is harder to parse an HTTP Date header > > than properly than casting a 32bit integer and flipping their order. The > > attack surface is v

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2013-04-12 Thread Elly Jones
On Fri, Apr 12, 2013 at 02:43:13PM +0300, Maxim Kammerer wrote: > On Fri, Jul 20, 2012 at 3:07 AM, Jacob Appelbaum wrote: > > Allow me to be very explicit: it is harder to parse an HTTP Date header > > than properly than casting a 32bit integer and flipping their order. The > > attack surface is v

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2013-04-12 Thread Maxim Kammerer
On Fri, Jul 20, 2012 at 3:07 AM, Jacob Appelbaum wrote: > Allow me to be very explicit: it is harder to parse an HTTP Date header > than properly than casting a 32bit integer and flipping their order. The > attack surface is very small and easy to audit. Just discovered that tlsdated in tlsdate-0

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2013-04-11 Thread Jacob Appelbaum
intrigeri: > Hi, > > Jacob Appelbaum wrote (19 Jul 2012 23:48:48 GMT) : >> intrigeri: >>> So, Jake tells me that ChromeOS will use tlsdate by default, and that >>> this should solve the fingerprinting issue. Therefore, I assume this >>> implicitly answers the (half-rhetorical, I admit) question I a

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2013-04-05 Thread intrigeri
Hi, Jacob Appelbaum wrote (19 Jul 2012 23:48:48 GMT) : > intrigeri: >> So, Jake tells me that ChromeOS will use tlsdate by default, and that >> this should solve the fingerprinting issue. Therefore, I assume this >> implicitly answers the (half-rhetorical, I admit) question I asked in >> March, and

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2012-07-20 Thread adrelanos
intrigeri: > There are a few pieces of software called htpdate, and the one Tails > uses only connects to HTTPS servers, and delegates to wget the X.509 > certificates validation: > https://tails.boum.org/contribute/design/Time_syncing/#index3h2 Unfortunately wget (nor any other command line downl

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2012-07-20 Thread adrelanos
intrigeri: > Hi, > > adrelanos wrote (18 Jul 2012 18:37:18 GMT) : >> To make our life even worse... Sorry... But not using NTP and only >> emitting Tor traffic is also pretty clearly Tails. Because that puts >> you in the group of users "Uses Tor, nothing else, but does not use >> NTP? How many pe

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2012-07-20 Thread intrigeri
Hi, Jacob Appelbaum wrote (19 Jul 2012 23:48:48 GMT) : > The key difference with htpdate is that one has a cryptographic > signature. I'll take a subset of possible MITM attackers over fully > trusting something that anyone could MITM. I think this is wrong in the context of Tails. There are a f

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2012-07-20 Thread intrigeri
Hi, adrelanos wrote (18 Jul 2012 18:37:18 GMT) : > To make our life even worse... Sorry... But not using NTP and only > emitting Tor traffic is also pretty clearly Tails. Because that puts > you in the group of users "Uses Tor, nothing else, but does not use > NTP? How many people act like this?".

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2012-07-19 Thread Jacob Appelbaum
Maxim Kammerer: > On Wed, Jul 18, 2012 at 7:31 AM, intrigeri wrote: >> Thoughts? > > After pondering about extending tlsdate for a while, I see no reason > to use tlsdate instead of htpdate at the moment (or, possibly, ever). > There is a difference between thinking of and experimenting with a >

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2012-07-19 Thread Jacob Appelbaum
Hey hey, intrigeri: > Hi, > > intrigeri wrote (25 Mar 2012 23:02:55 GMT) : >> Jacob Appelbaum wrote (20 Feb 2012 20:30:08 GMT) : >>> For a while I've been interested in secure network time that would >>> be useful for Tor users. Tor users generally need accuracy to the >>> hour in the local syste

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2012-07-18 Thread Maxim Kammerer
On Wed, Jul 18, 2012 at 7:31 AM, intrigeri wrote: > Thoughts? After pondering about extending tlsdate for a while, I see no reason to use tlsdate instead of htpdate at the moment (or, possibly, ever). There is a difference between thinking of and experimenting with a gimmick, and using it as a re

Re: [Tails-dev] [tor-talk] secure and simple network time (hack)

2012-07-18 Thread intrigeri
Hi, intrigeri wrote (25 Mar 2012 23:02:55 GMT) : > Jacob Appelbaum wrote (20 Feb 2012 20:30:08 GMT) : >> For a while I've been interested in secure network time that would >> be useful for Tor users. Tor users generally need accuracy to the >> hour in the local system clock. > Thank you for tackl