[Freedombox-discuss] Dev: New FreedomBox-Setup Dependency: NTP

intrigeri intrigeri+freedombox at boum.org
Thu Dec 12 02:05:50 UTC 2013


Bdale Garbee wrote (04 Dec 2013 18:29:24 GMT) :
> At our meeting in Eben's offices in Feb, dkg came up with a really cute
> hack for setting the system time in an initial set-up script by
> acquiring the client system's sense of time from I think an SSL session
> initiation packet.  I'm not aware of that ever being publicly documented
> or implemented in our stack, but it seemed like a really neat "hands
> off" way to handle the set-the-time-on-first-boot problem without
> relying on centralized infrastructure.

tlsdate (in Debian testing/sid) does just this. It is written by Jacob
Appelbaum, who was on some FreedomBox technical board at some point
IIRC. Sorry if it was mentioned already, I only read the list from
time to time. I'm told that tlsdate has been installed by default on
ChromeOS for a while (talking to Google servers, obviously).

Drawbacks are that 1. you have to trust the TLS server you're talking
to to give you the right time (and getting the right time is
especially important for a system that uses Tor); 2. the way tlsdate
talks to the TLS server * the selection of TLS server(s) you are using
is fingerprintable (but hiding the fact that "hey, this system is
a FreedomBox" isn't part of the current threat model, is it?).
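
Added example, not part of the original message and not tlsdate's code: in TLS 1.2 and earlier (RFC 5246) the ServerHello random begins with a 4-byte gmt_unix_time, which is the field a tool of this kind reads. The sketch parses a constructed ServerHello record and applies a plausibility window to the result, one way to bound how far a wrong server can push the clock (drawback 1). Function names, the build timestamp and the window size are assumptions; TLS 1.3 servers fill the field with random bytes, so the value is only meaningful against older handshakes.

```python
import struct

class HelloParseError(ValueError):
    """Raised when the bytes are not a well-formed ServerHello record."""

def server_hello_time(record: bytes) -> int:
    """Return gmt_unix_time from a TLS <= 1.2 ServerHello record."""
    if len(record) < 5:
        raise HelloParseError("short record header")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    if ctype != 0x16:                      # 0x16 = handshake record
        raise HelloParseError("not a handshake record")
    body = record[5:5 + rlen]
    if len(body) != rlen or rlen < 4 + 2 + 32:
        raise HelloParseError("truncated handshake")
    if body[0] != 0x02:                    # 0x02 = ServerHello
        raise HelloParseError("not a ServerHello")
    hlen = int.from_bytes(body[1:4], "big")
    if hlen < 2 + 32 or hlen > rlen - 4:
        raise HelloParseError("bad handshake length")
    # body[4:6] is server_version, body[6:38] is random;
    # the first 4 bytes of random are gmt_unix_time (big-endian).
    return struct.unpack("!I", body[6:10])[0]

def accept_time(candidate: int, not_before: int, max_years: int = 20) -> bool:
    """Accept only times between a trusted floor (assumed here to be the
    image build time) and a bounded distance past it."""
    return not_before <= candidate <= not_before + max_years * 365 * 86400

def build_sample_hello(ts: int) -> bytes:
    """Constructed ServerHello for offline testing (not a captured packet)."""
    random = struct.pack("!I", ts) + bytes(range(28))
    hello = b"\x03\x03" + random + b"\x00" + b"\x00\x2f" + b"\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake

SAMPLE_TS = 1386813950   # constructed: 2013-12-12 02:05:50 UTC
BUILD_TS = 1385856000    # constructed image build time: 2013-12-01 00:00:00 UTC

if __name__ == "__main__":
    t = server_hello_time(build_sample_hello(SAMPLE_TS))
    print(t, "accepted" if accept_time(t, BUILD_TS) else "rejected")
    print(0, "accepted" if accept_time(0, BUILD_TS) else "rejected")
```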

