Hi! I've got a question for Tails' design regarding to HTP source pools [1].
> [...] The HTP pools used by Tails are based on stable and reliable webservers that get great amounts of traffic. They are categorized into three different pools according to their members' relationship to the members in the other pools; any member in a one pool should be unlikely to share logs (or other identifying data), or to agree to send fake time information, with a member from the the other pools. The pools are as follows: > - The "pal" pool are run by groups that are likely to take great care of their visitors' privacy. > - The "foe" pool are managed by adversaries of the "pal" pool. > - The "neutral" pool members have a neutral raltionship to both the "pal" and "foe" pool. [...] Even if they don't agree to send fake time information, I don't understand why connecting to a foe/hostile server and using their time information is any useful. Why would you for example trust nsa.gov to share legit time information? If you assume the time information by nsa.gov might be malicious in any way in your opinion, and you'd probably express that opinion by adding the to the foe pool, why bother asking them? How can their time opinion be any useful for getting a good time guess? I can't think of another area in which asking a hostile for advice is a good idea. Maybe "if friend and foe both agree, you can be confident that they're right; if they disagree, look further" - but that's not what Tails htpdate is doing. Or asked the other way around: How much worse would you be off if basically, Tails htpdate would pick three random servers from the pal pool, and then build the mediate of the three advertised dates. Cheers, Patrick [1] https://tails.boum.org/contribute/design/Time_syncing/ _______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
