On Wed 2015-06-10 15:07:17 -0400, bancfc wrote:
> The Hidden Service descriptor proposal didn't make sense so we query
> Hidden services directly and extract timestamps from their HTTP headers.

Which hidden service operators do you query? What counts as a "reputable Onion Site"? Do those operators know that you're relying on their HTTP headers?

> At the moment in Whonix, we use reputable Onion Sites exclusively for
> time syncing purposes. The reason we stayed away from clearnet + HTTPS
> is because it's almost certain NSA and friends have burrowed their way
> into CAs trusted by browsers. These guys bribe their way into companies
> and deploy field agents to sabotage and steal keys. It's a given that they
> go after CAs. With clearnet SSL being useless, they can manipulate
> system time, or worse, exploit the system if there's a bug in
> sdwdate/htpdate.

Far be it from me to defend the CA system (i agree that it is broken, though i'm not convinced that it's broken in the ways you're describing), but i'm not sure that the solution you're advocating as an alternative is a significant improvement, given the state of hidden services and the risk of correlation attacks against their users.

Have you read:

https://conference.hitb.org/hitbsecconf2015ams/sessions/non-hidden-hidden-services-considered-harmful-attacks-and-detection/

If your concern is about malicious CA certifications, why not instead restrict your https-based date updates to https sites that use HPKP to protect against attacks from non-pinned CAs?

If your concern is attacks from the pinned CAs, you could add an increased dependence on certificate-transparency as well, though that would likely take more engineering effort.

Regards,

--dkg
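
The HPKP suggestion in the message above, sketched as an added example (not part of the original message, and not code from Tails, Whonix, sdwdate or htpdate): a `Date` header is used only when an SPKI in the presented certificate chain matches a pin stored from an earlier `Public-Key-Pins` header (RFC 7469). The function names, the idea of a locally stored pin header and the sample bytes are assumptions made for illustration.

```python
import base64
import hashlib
from email.utils import parsedate_to_datetime


def spki_pin(spki_der: bytes) -> str:
    """RFC 7469 pin: base64 of the SHA-256 of the DER SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def parse_pkp(header: str):
    """Split a Public-Key-Pins header into (set of pin-sha256 values, max-age)."""
    pins, max_age = set(), None
    for directive in header.split(";"):
        # Split on the first "=" only, so base64 padding stays in the value.
        name, _, value = directive.strip().partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "pin-sha256" and value:
            pins.add(value)
        elif name == "max-age" and value.isdigit():
            max_age = int(value)
    return pins, max_age


def pinned_time(date_header, chain_spkis, stored_pkp):
    """Return the Date header as a datetime only if the chain matches a stored pin."""
    pins, max_age = parse_pkp(stored_pkp)
    if max_age is None or len(pins) < 2:   # RFC 7469 wants max-age and a backup pin
        return None
    if not any(spki_pin(spki) in pins for spki in chain_spkis):
        return None                        # chain issued by a non-pinned CA: discard
    try:
        return parsedate_to_datetime(date_header)
    except (TypeError, ValueError):        # malformed Date header
        return None


# Constructed sample data: placeholder bytes stand in for real DER-encoded SPKIs.
LEAF, INTERMEDIATE, BACKUP, ROGUE = (
    b"spki-leaf", b"spki-intermediate", b"spki-backup", b"spki-rogue-ca")
STORED_PKP = 'pin-sha256="%s"; pin-sha256="%s"; max-age=5184000; includeSubDomains' % (
    spki_pin(INTERMEDIATE), spki_pin(BACKUP))
DATE = "Wed, 10 Jun 2015 19:07:17 GMT"

if __name__ == "__main__":
    print(pinned_time(DATE, [LEAF, INTERMEDIATE], STORED_PKP))  # pinned chain
    print(pinned_time(DATE, [LEAF, ROGUE], STORED_PKP))         # non-pinned chain
```

A pin match only limits which CAs can vouch for the time source; a key held by one of the pinned CAs still passes this check, which is the gap the certificate-transparency remark in the message addresses.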
