Jacob Appelbaum:
> I think adding an option to verify the leaf certificate's
> fingerprint, rather than just the signature alone would be a fine
> idea.
Yes, then we could ask eff, tpo and similar ones about their policy to change the certificates. If we pin their certificates, we don't have to trust any CAs.

> so, it depends a lot on what you mean by "getting rid of all CAs"

In this particular discussion I meant "no need to use any CAs". (In general I would be happy to see a widespread replacement for the CAs as a whole.)

>> And even if you use only a single source over TLS (pinned) as
>> time source... How is it better than using a single authenticated
>> NTP server over TCP?
>
> I've never seen a system that shipped with authenticated NTP
> enabled.

It doesn't exist, unfortunately. It's also a critical security vulnerability in all major operating systems, not only for Tor users, for anyone. No one cares about it as long as no one uses it for a big-scale attack. If an attacker moves back the time several years he can use revoked certificates.

> I'm sure it has happened but generally, ntp is unauthenticated and
> is run as a UDP service.

Yes.

> I'd be interested to see a client configuration that works over TCP
> and has strong integrity protection of the remote time.

It's certainly possible but almost no one is using it. I found two guides about adding authentication to NTP.

https://ntp3.sp.se/howto.html
http://support.ntp.org/bin/view/Support/ConfiguringAutokey

(Over TCP is possible as well, Google tells.)

As Tails pointed out...

https://tails.boum.org/todo/authenticate_time_servers/
https://tails.boum.org/contribute/design/Time_syncing/

The system cannot be adapted since you will have a hard time finding public, free NTP servers which support authenticated NTP. And even if you find a very few, you cannot rely on a small number of servers. A big pool is required for distributed trust.

_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
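As an added illustration of the leaf-fingerprint pinning idea discussed in this thread (example code, not from the thread, Tor or Tails), a Python client that takes its time from an HTTPS Date header but accepts the TLS connection only if the leaf certificate's SHA-256 fingerprint matches a configured pin, so no CA is consulted. The host name and pin below are placeholders that must be obtained out of band, and the pin has to be refreshed whenever the site rotates its certificate, which is exactly the "policy to change the certificates" question raised above.

```python
import hashlib
import hmac
import socket
import ssl
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def cert_fingerprint(der_cert: bytes) -> str:
    """SHA-256 of the DER-encoded leaf certificate as colon-separated hex."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def verify_pin(der_cert: bytes, expected: str) -> bool:
    """Constant-time comparison of the leaf fingerprint with the pin."""
    got = cert_fingerprint(der_cert).replace(":", "").lower()
    want = expected.replace(":", "").lower()
    return hmac.compare_digest(got, want)

def parse_http_date(value: str) -> datetime:
    """Parse an HTTP Date header (RFC 7231 format) into an aware UTC datetime."""
    return parsedate_to_datetime(value).astimezone(timezone.utc)

def clock_skew(remote: datetime, local: datetime) -> float:
    """Seconds the local clock is ahead of (+) or behind (-) the time source."""
    return (local - remote).total_seconds()

def fetch_pinned_date(host: str, pin: str, port: int = 443) -> datetime:
    """TLS connect trusting only the pinned leaf fingerprint (no CA lookup),
    send a HEAD request and return the server's Date header as UTC."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False   # the pin replaces CA and hostname checks
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            if not verify_pin(der, pin):   # abort before sending anything
                raise ValueError("pin mismatch: " + cert_fingerprint(der))
            tls.sendall(f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
            resp = b""
            while b"\r\n\r\n" not in resp and (chunk := tls.recv(4096)):
                resp += chunk
    for line in resp.decode("latin-1").split("\r\n"):
        if line.lower().startswith("date:"):
            return parse_http_date(line.split(":", 1)[1].strip())
    raise ValueError("no Date header in response")

if __name__ == "__main__":
    # Placeholder host and pin: obtain the real fingerprint out of band.
    remote = fetch_pinned_date("example.org", "00:" * 31 + "00")
    print("remote:", remote, "skew:", clock_skew(remote, datetime.now(timezone.utc)))
```

A large negative skew (remote time far ahead of the local clock) is the "moved back several years" condition mentioned above and should be treated as an alarm, not silently corrected.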