Hi, [sorry for the delay...]
Disclaimer: I've not thought of this very hard, and I lack the theoretical background to reason about it in formal terms. Patrick Schleizer wrote (28 Aug 2014 14:42:55 GMT) : > Even if they don't agree to send fake time information, I don't > understand why connecting to a foe/hostile server and using their time > information is any useful. I think our design doc is putting too much weight on the pal/foe naming (and in turn, quite logically, you are too :) IMO, the idea is to get different pools of servers so that those picked from one pool are unlikely to plot with those from other pools against Tails users. > I can't think of another area in which asking a hostile for advice is a > good idea. Maybe "if friend and foe both agree, you can be confident > that they're right; if they disagree, look further" - but that's not > what Tails htpdate is doing. Indeed, it should probably discard information that is diverging too much from what others tell us. Care to file a "research" ticket about it? > Or asked the other way around: > How much worse would you be off if basically, Tails htpdate would pick > three random servers from the pal pool, and then build the mediate of > the three advertised dates. Intuitively, I think it would put too much weight on the trust we have in the servers that are in the "pal" pool. But again, I may very well be wrong. Cheers, -- intrigeri _______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
