Skip to content
GitLab

robust_time_syncing · Changes

Page history
Add current time sync' plan authored by intrigeri's avatar intrigeri
Hide whitespace changes
Inline Side-by-side
robust_time_syncing.md
View page @ a8c2e985
......@@ -48,10 +48,11 @@ have a network fingerprint unique to Tails. Some people may think NTP,
which is widely used, but NTP is unauthenticated, so a MitM attack
would let an attacker set the system time, which later may be used to
fingerprint the Tails user for applications/protocols that leak the
system time. And while authenticated NTP exists (tails/tails#6113), it's barely in use, so it'd become a great way to identify
Tails users.
system time. Authenticated NTP (tails/tails#6113) is not broadly uses, so it'd become
a great way to identify Tails users. There are possible mitigation measures
to allow ourselves to use NTP anyway, which at least one of proposed plans uses.
In fact, we'd prefer if the sought after "mechanism" is part of Tor's
Ideally, we'd prefer if the sought after "mechanism" is part of Tor's
normal bootstrap process, with no extra packets sent, so the network
fingerprint becomes indistinguishable from a "normal" Tor bootstrap.
That would be a very handy fact when reasoning about how Tails users
......@@ -81,6 +82,29 @@ Some other requirements about this mechanism:
Possible solutions
==================
Current plan
------------
Meta:
- Some aspects of this plan are still unclear, so it's difficult to tell how
much of the problem described above it will solve.
- This plan reuses parts of the "Ask the user what time it is" option that's
described below in more details. At this point it's not clear which problems
considered in the "Ask the user what time it is" option are also
handled here.
UX design: https://gitlab.tails.boum.org/tails/blueprints/-/wikis/network_connection#ux-design
tl;dr:
- If the user chooses autoconfig, then do unsafe NTP so Tor can bootstrap.
We'll decide on tails/tails#18230 if and how we can do that.
Then, once Tor has bootstrapped, do a safer time sync.
- Else, when the user chooses to hide Tor, ask them fix the time zone and clock manually.
Ask the user what time it is
----------------------------
......