Changes

intrigeri · a8c2e985
--- a/robust_time_syncing.md
+++ b/robust_time_syncing.md
@@ -48,10 +48,11 @@ have a network fingerprint unique to Tails. Some people may think NTP,
 which is widely used, but NTP is unauthenticated, so a MitM attack
 would let an attacker set the system time, which later may be used to
 fingerprint the Tails user for applications/protocols that leak the
-system time. And while authenticated NTP exists (tails/tails#6113), it's barely in use, so it'd become a great way to identify
-Tails users.
+system time. Authenticated NTP (tails/tails#6113) is not broadly uses, so it'd become
+a great way to identify Tails users. There are possible mitigation measures
+to allow ourselves to use NTP anyway, which at least one of proposed plans uses.

-In fact, we'd prefer if the sought after "mechanism" is part of Tor's
+Ideally, we'd prefer if the sought after "mechanism" is part of Tor's
 normal bootstrap process, with no extra packets sent, so the network
 fingerprint becomes indistinguishable from a "normal" Tor bootstrap.
 That would be a very handy fact when reasoning about how Tails users
@@ -81,6 +82,29 @@ Some other requirements about this mechanism:
 Possible solutions
 ==================

+Current plan
+------------
+
+Meta:
+
+ - Some aspects of this plan are still unclear, so it's difficult to tell how
+   much of the problem described above it will solve.
+
+ - This plan reuses parts of the "Ask the user what time it is" option that's
+   described below in more details. At this point it's not clear which problems
+   considered in the "Ask the user what time it is" option are also
+   handled here.
+
+UX design: https://gitlab.tails.boum.org/tails/blueprints/-/wikis/network_connection#ux-design
+
+tl;dr:
+
+ - If the user chooses autoconfig, then do unsafe NTP so Tor can bootstrap.
+   We'll decide on tails/tails#18230 if and how we can do that.
+   Then, once Tor has bootstrapped, do a safer time sync.
+
+ - Else, when the user chooses to hide Tor, ask them fix the time zone and clock manually.
+
 Ask the user what time it is
 ----------------------------