adrelanos:
> Jacob Appelbaum:
>> So does that mean you do or do not like DNSSEC? :)
>
> Can't say, I didn't dig into that deep enough.

In a sense, we can compare the root ('.') to a single CA that can further delegate to other CAs such as '.se' and so on.

>
>> I'd like to see a normal ntp client that runs over Tor safely - can
>> you show us an example of a way to do that? If so, I'd gladly
>> consider running such an NTP service. I already run a normal UDP
>> OpenNTP server in the pool.
>
>>> The system can not be adapted since you will have a hard time
>>> finding public, free NTP servers, which support authenticated
>>> NTP. And even if you find a very few, you can not rely on a small
>>> amount of servers. A big pool is required for distributed
>>> trust.
>
>> That's a resource issue, not a technical issue. We can solve both,
>> I think. I'd like to know if someone has actually used normal NTP
>> clients over Tor, even with private servers and found that it was
>> suitable?
>
> Ok, I am sorry, I messed up. There is no way to run NTP *directly*
> over TCP. I found the following interesting posts about this issue:
> http://lists.ntp.org/pipermail/questions/2007-October/015832.html
> http://lists.ntp.org/pipermail/questions/2007-October/015834.html
> http://lists.ntp.org/pipermail/questions/2007-October/015859.html
>

That's what I thought.

> We could run NTP over Tor, if we tunnel UDP over OnionCat. Due to
> usage of hidden services, Tor would provide authentication. (NTP
> autokey could be added for another layer of authentication.) But it
> were NTP over TCP over UDP, which wouldn't be (according to the posts
> above) exact as ordinary NTP over TCP.
>

Wow - talk about a hack!

> I don't know how less accurate it were and if that is a good idea or
> not. Or if we find willing people to run it. Please discuss. If there
> is interest, it could be tried to develop some instructions how to
> provide NTP as hidden service and share the result in the tpo wiki.

It seems like providing a simple phase locked loop over TCP isn't that hard to do.

All the best,
Jacob
_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
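
The accuracy question raised in the thread, as an added sketch that is not code from either poster or from any Tor or NTP project: a proportional-integral (PLL-style) clock discipline loop driven by the standard NTP four-timestamp calculation over a simulated slow, jittery stream. The latency range, starting error, drift and loop gains are all assumptions made for the simulation.

```python
import random

def ntp_sample(t1, t2, t3, t4):
    """NTP on-wire calculation from the four timestamps.
    t1/t4: client send/receive (client clock); t2/t3: server receive/send.
    Returns (offset, delay); the offset error is at most delay / 2."""
    offset = ((t2 - t1) + (t3 - t4)) / 2.0
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay

def exchange(now, client_err, rng):
    """One request/response over a slow stream. Per-direction latency of
    0.2-1.0 s is a constructed stand-in for a Tor circuit, not a measurement."""
    out, back = rng.uniform(0.2, 1.0), rng.uniform(0.2, 1.0)
    t1 = now + client_err                 # client clock = true time + error
    t2 = now + out                        # server clock = true time
    t3 = t2 + 0.001                       # server processing time
    t4 = t3 + back + client_err           # reply arrival, read on client clock
    return ntp_sample(t1, t2, t3, t4)

def discipline(polls=200, interval=64.0, seed=1):
    """Proportional-integral loop: steer phase and frequency toward the server.
    Returns the client's clock error (seconds) after the last poll."""
    rng = random.Random(seed)
    err, drift = 5.0, 50e-6               # starts 5 s fast, gains 50 ppm (assumed)
    freq_corr, kp, ki = 0.0, 0.5, 0.1     # loop gains chosen for this sketch
    for n in range(polls):
        now = n * interval
        # Clock filter: of 8 exchanges keep the lowest-delay one, since its
        # worst-case offset error (delay / 2) is the smallest.
        offset, _ = min((exchange(now, err, rng) for _ in range(8)),
                        key=lambda s: s[1])
        freq_corr += ki * offset / interval    # integral term: frequency
        err += kp * offset                     # proportional term: phase
        err += (drift + freq_corr) * interval  # clock runs until next poll
    return err

if __name__ == "__main__":
    print(f"residual clock error after 200 polls: {discipline():+.3f} s")
```

The residual error is set by path asymmetry rather than by total latency: each sample's offset is wrong by half the difference between the outbound and return delays, which the loop can average down but cannot observe directly.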