adrelanos:
> Jacob Appelbaum:
>>> If anything, TLS is much harder to get right (see issue #16 on
>>> GitHub, for instance — tlsdate is currently susceptible to a MITM
>>> attack).
>>
>> It's a work in progress, of course. I use it with a pinned CA, so
>> in such a case, users are not vulnerable to a MITM attack unless
>> one can get certs from that specific CA.
>
> Wouldn't it be better to get rid of all CAs? Rather pin the CA
> certificate of certain websites instead of pinning a CA?
>

Sure - practically this is the same thing - except, you might run a CA
yourself, with a rotating key on the server. The abstraction is nice as
it allows you to keep the trusted key offline. I think adding an option
to verify the leaf certificate's fingerprint, rather than just the
signature alone would be a fine idea. Also, there is a TODO item that
specifically addresses this with TLSA/DANE/CAA but that relies on
DNSSEC. DNSSEC is basically the CA system done slightly differently, so,
it depends a lot on what you mean by "getting rid of all CAs" - Moxie
has said a lot about this topic but I suspect he's not on the list.

> And even if you use only a single source over TLS (pinned) as time
> source... How is it better than using a single authenticated NTP
> server over TCP?

I've never seen a system that shipped with authenticated NTP enabled.
I'm sure it has happened but generally, ntp is unauthenticated and is
run as a UDP service. I'd be interested to see a client configuration
that works over TCP and has strong integrity protection of the remote
time.

All the best,
Jacob
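
The leaf-fingerprint check discussed in the message above, layered on top of a pinned CA, as an added Python example that is not part of the original post and is not tlsdate's code. The function names, the `ca_file` parameter and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in for a DER-encoded certificate (not a real certificate).
SAMPLE_DER = b"constructed-sample-not-a-real-certificate"


def normalize_pin(pin: str) -> bytes:
    """Accept 'AB:CD:...' or 'abcd...' SHA-256 fingerprints; return 32 raw bytes."""
    raw = bytes.fromhex(pin.replace(":", ""))
    if len(raw) != hashlib.sha256().digest_size:
        raise ValueError("pin is not a SHA-256 fingerprint")
    return raw


def leaf_matches(der_cert: bytes, pins: list[str]) -> bool:
    """True if SHA-256 over the DER leaf equals any pinned fingerprint.

    Several pins allow a backup key or a planned rotation. An empty pin
    list rejects everything instead of silently accepting.
    """
    seen = hashlib.sha256(der_cert).digest()
    # Evaluate every pin; compare_digest avoids timing differences per pin.
    results = [hmac.compare_digest(seen, normalize_pin(p)) for p in pins]
    return any(results)


def connect_pinned(host: str, port: int, ca_file: str, pins: list[str]) -> str:
    """Validate the chain against one CA file only, then require a pinned leaf."""
    # Passing cafile means the system trust store is not loaded.
    ctx = ssl.create_default_context(cafile=ca_file)
    with socket.create_connection((host, port), timeout=10.0) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if not leaf_matches(der, pins):
                raise ssl.SSLError("leaf certificate fingerprint is not pinned")
            return hashlib.sha256(der).hexdigest()


if __name__ == "__main__":
    pin = hashlib.sha256(SAMPLE_DER).hexdigest()
    print("pinned leaf accepted:", leaf_matches(SAMPLE_DER, [pin]))
    print("other leaf accepted:", leaf_matches(SAMPLE_DER + b"x", [pin]))
```

With both checks in place, a certificate issued by the pinned CA for a different key is still rejected, which is the case the CA pin alone does not cover.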