The attacks we are trying to protect against are described here: https://www.whonix.org/wiki/Time_Attacks
The threat model are network adversaries ranging from ISP level to major ones. With mass surveillance everywhere its necessary to take this threat model into account before taking decisions about how a distro should work. On 07/27/2015 07:55 AM, intrigeri wrote: > Hi, > > bancfc wrote (26 Jul 2015 18:19:59 GMT) : >> The research comes from WhonixOS a privacy centric distro like TAILS. > > For the record, this does not imply any position from Tails regarding > this topic: the Tails threat model generally does not apply as-is > to Debian. Yes I should have made that clear. I mention TAILS to tell people what Whonix is about because they might only be familiar about the former because of news stories. > > Also, it would be good to describe what exact threat model you see > timedatectl as a security/privacy problem, so Debian has the data to evaluate > if/how its default installation settings behave in that context: > looking at one single potential issue in isolation does not make much > sense to me, if there are potentially dozens of other ways for an > attacker to do what they want. Thanks in advance! > > To end with, I'm wondering whether this email is really > about timesyncd. Its about the threats of insecure time synchronization in general but it also concerns timesyncd that could play a part in this if enabled by default. > > Cheers, > _______________________________________________ Pkg-systemd-maintainers mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
