-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Jacob Appelbaum: > So does that mean you do or do not like DNSSEC? :)
Can't say, I didn't dig into that deep enough. > I'd like to see a normal ntp client that runs over Tor safely - can > you show us an example of a way to do that? If so, I'd gladly > consider running such an NTP service. I already run a normal UDP > OpenNTP server in the pool. >> The system can not be adapted since you will have a hard time >> finding public, free NTP servers, which support authenitcated >> NTP. And even if you find a very few, you can not rely on a small >> amount of servers. A big pool is required for distribiuted >> trust. > > That's a resource issue, not a technical issue. We can solve both, > I think. I'd like to know if someone has actually used normal NTP > clients over Tor, even with private servers and found that it was > suitable? Ok, I am sorry, I messed up. There is no way to run NTP *directly* over TCP. I found the following interesting posts about this issue: http://lists.ntp.org/pipermail/questions/2007-October/015832.html http://lists.ntp.org/pipermail/questions/2007-October/015834.html http://lists.ntp.org/pipermail/questions/2007-October/015859.html We could run NTP over Tor, if we tunnel UDP over OnionCat. Due to usage of hidden services, Tor would provide authentication. (NTP autokey could be added for another layer of authenication.) But it were NTP over TCP over UDP, which wouldn't be (according to the posts above) exact as ordinary NTP over TCP. I don't know how less accurate it were and if that is a good idea or not. Or if we find willing people to run it. Please discuss. If there is intererest, it could be tried to develop some instructions how to provide NTP as hidden service and share the result in the tpo wiki. -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJQCbSJAAoJEJwTGtNxOq7vuAEP/2v1L9+Wq4vJWpLDa+lBC/jo oSjoKBOc9DCyFumWypmwTqDZPgFBNNJ57kuTAcctEAirRnju/LETqVx5evciTIBr i/x5Xd1o92bYGqNRC7uAjXVXcjG98FkNO/pqvOUSXQDc6TaESU2v293e5ekkcvKF 9J6sc0wlZRHnhBrB4Mrbwlg9ayhoSK19+vYoDjwAIy8zIEHj3riyNSrG5iQVy+t8 BNLWRnMRLdR94jyx7VKLk6vGb+zq7d0f00HAKziYoVOpnxuvdKd664cx/OvGNOho XB9VIcIOgsfBUDi7dB5wq9T9jG1Q4YFEd08w2bWcf6V4/6omV8By/6nO4SIpR4+S B+xGym8s9KKlTaKBkCk+1pHXWVV8VOurPVb88G/pi9UdG40OGhUjib8hAbNjwRWK q3lj36Sn85c7L+gSAvjfTS+F7ifADhPE0l3/lgGS01/XhvHGpek7yq/AGre7Do0G 76gHZYFqsfEccAHmDh/FJPia54NSFpV1XIykoY6Heng2b/hQ1CkqX0gPdRq4jIbA DmoILKcfXkSJsW3kjEQhUngzdSILkT7rHRXnCtL3Wqr1ZwMdXvvmaj3XUyBcXffC y9I4QVh+Q/cGraXG+TGrIhw2sDD/LciLbVMrksN6hUq3/315caSkdo3NIoN8yJcO 9vzbpJv4q6XdNBAa8jC9 =/rsw -----END PGP SIGNATURE----- _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
