Changes

Page history
Store analysis from 2021-12-08 authored by sajolida's avatar sajolida
Show whitespace changes
Inline Side-by-side
robust_time_syncing.md
View page @ 89bee01e
......@@ -111,6 +111,60 @@ tl;dr:
- Else, when the user chooses to hide Tor, ask them fix the time zone and clock manually.
Reasons for failure of the automatic time sync
----------------------------------------------
### Symptoms
* A) HTTP connection times out
* B) no route to host
* C) DNS resolution fails
* D) DNS resolution times out
* E) invalid HTTPS certificate (if we allow redirects, otherwise cannot possibly happen because the test URL is cleartext HTTP)
* F) HTTP error code
* G) missing HTTP `Date` header
* H) response is not the expected content (so likely does not come from the intended server
### Reasons
* captive portal working as intended: E, F, G, H
* needs proxy configuration: A, B, C, D. Or, less probably: F
* broken IP connectivity: B
* upstream DNS is giving incorrect answers (without being a captive portal): anything can happen
* slow network: A, D
* unreliable network: A, B, C, D
* mangling the network traffic upstream without being a "legitimate" captive portal: anything can happen
* e.g. not very clever malicious active attacker: a more clever attacker would give the expected reply and give Tails the wrong date
* network censor
### Observations
* captive portal is hard to distinguish from other "network mangler"
* But maybe in some cases we might know for sure e.g. when something like [https://tools.ietf.org/id/draft-nottingham-http-new-status-01.html#status-code](https://tools.ietf.org/id/draft-nottingham-http-new-status-01.html#status-code) is implemented; or for 407 Proxy Authentication Required.
* NetworkManager does not bother checking for status code 428.
* See also [https://github.com/ooni/spec/blob/master/nettests/ts-010-captive-portal.md#version-040-implemented-in-mk-but-not-deployed](https://github.com/ooni/spec/blob/master/nettests/ts-010-captive-portal.md#version-040-implemented-in-mk-but-not-deployed)
* a network where a proxy is needed can be a realistic example of such a network mangler
* ⇒ if we want to support this use case, when we see a captive portal, we must still propose the user to configure their proxy
* our time-checking code should return, in case of errors, a list of possible reasons for failure
Old plan
========
......
......