|
|
|
This is about [[!tails_ticket 5774]].
|
|
|
|
This is about tails/tails#5774.
|
|
|
|
|
|
|
|
|
|
|
|
[[_TOC_]]
|
|
|
|
|
|
|
|
[[!toc levels=2]]
|
|
|
|
|
|
|
|
Introduction
|
|
|
|
============
|
| ... | ... | @@ -9,9 +11,8 @@ tordate |
|
|
|
-------
|
|
|
|
|
|
|
|
With *tordate* we're referring to the unholy mess found in
|
|
|
|
[[!tails_gitweb
|
|
|
|
config/chroot_local-includes/etc/NetworkManager/dispatcher.d/20-time.sh]],
|
|
|
|
whose design can be read in [[contribute/design/Time_syncing]]
|
|
|
|
[config/chroot local-includes/etc/NetworkManager/dispatcher.d/20-time.sh](https://gitlab.tails.boum.org/tails/tails/-/blob/master/config/chroot_local-includes/etc/NetworkManager/dispatcher.d/20-time.sh),
|
|
|
|
whose design can be read in [Time syncing](https://tails.boum.org/contribute/design/Time_syncing)
|
|
|
|
(overview, steps 1-3, more or less).
|
|
|
|
|
|
|
|
tordate is a fragile pile of hacks, and it effectively makes it
|
| ... | ... | @@ -47,8 +48,7 @@ have a network fingerprint unique to Tails. Some people may think NTP, |
|
|
|
which is widely used, but NTP is unauthenticated, so a MitM attack
|
|
|
|
would let an attacker set the system time, which later may be used to
|
|
|
|
fingerprint the Tails user for applications/protocols that leak the
|
|
|
|
system time. And while authenticated NTP exists ([[!tails_ticket
|
|
|
|
6113]]), it's barely in use, so it'd become a great way to identify
|
|
|
|
system time. And while authenticated NTP exists (tails/tails#6113), it's barely in use, so it'd become a great way to identify
|
|
|
|
Tails users.
|
|
|
|
|
|
|
|
In fact, we'd prefer if the sought after "mechanism" is part of Tor's
|
| ... | ... | @@ -109,8 +109,8 @@ That's what ChromeOS does when the time is too wrong: |
|
|
|
|
|
|
|
#### First iteration
|
|
|
|
|
|
|
|
Relevant tickets: [[!tails_ticket 10819]], [[!tails_ticket 6284]],
|
|
|
|
[[!tails_ticket 12094]].
|
|
|
|
Relevant tickets: tails/tails#10819, tails/tails#6284,
|
|
|
|
tails/tails#12094.
|
|
|
|
|
|
|
|
* What's called *Tails Clock* below is the widget that will display
|
|
|
|
the current time within the GNOME desktop, in whatever timezone the
|
| ... | ... | @@ -161,11 +161,11 @@ much once we're there. |
|
|
|
#### Integration with the new Greeter
|
|
|
|
|
|
|
|
We need to give the user will have the opportunity to choose their
|
|
|
|
preferred timezone in the Greeter ([[!tails_ticket 11645]]). And then,
|
|
|
|
preferred timezone in the Greeter (tails/tails#11645). And then,
|
|
|
|
most likely we'll want to provide them feedback about what Tails
|
|
|
|
thinks the resulting local time is. And in turn, the UI that provides
|
|
|
|
that feedback can as well allow users to set the system time if
|
|
|
|
it's wrong ([[!tails_ticket 11641]]).
|
|
|
|
it's wrong (tails/tails#11641).
|
|
|
|
|
|
|
|
The chosen timezone information should be re-used both by Tails Clock
|
|
|
|
and by the time input GUI that lets users correct the system time if
|
| ... | ... | @@ -185,8 +185,8 @@ E.g.: |
|
|
|
|
|
|
|
* like [Roger
|
|
|
|
suggested](https://lists.torproject.org/pipermail/tor-talk/2011-January/008551.html)
|
|
|
|
* [[!tor_bug 3652 desc="Export clock skew opinion as getinfo command"]]
|
|
|
|
and its [[!tor_bug 6894 desc="answer network time requests"]] duplicate
|
|
|
|
* [Export clock skew opinion as getinfo command](https://bugs.torproject.org/3652)
|
|
|
|
and its [answer network time requests](https://bugs.torproject.org/6894) duplicate
|
|
|
|
|
|
|
|
Misc. resources
|
|
|
|
===============
|
| ... | ... | @@ -204,3 +204,4 @@ Misc. resources |
|
|
|
* their [upstart job](http://git.chromium.org/gitweb/?p=chromiumos/platform/init.git;a=blob;f=tlsdated.conf;h=d72d780c1f1d432bb7b7a06e787a745dbf5cdd46;hb=HEAD)
|
|
|
|
* They query `clients3.google.com` only currently, but intend to
|
|
|
|
use the multi-host feature some day.
|
|
|
|
|
