Jacob Appelbaum:
>> If anything, TLS is much harder to get right (see issue #16 on
>> GitHub, for instance — tlsdate is currently susceptible to a MITM
>> attack).
>
> It's a work in progress, of course. I use it with a pinned CA, so
> in such a case, users are not vulnerable to a MITM attack unless
> one can get certs from that specific CA.

Wouldn't it be better to get rid of all CAs? Rather pin the CA certificate of certain websites instead of pinning a CA?

And even if you use only a single source over TLS (pinned) as time source... How is it better than using a single authenticated NTP server over TCP?

_______________________________________________
tor-talk mailing list
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
