distributed trust

[adrelanos]

From the Tails Time Syncing Design page.

HTP source pools

What sources should be trusted? [...]

The HTP pools used by Tails are based on stable and reliable webservers that get great amounts of traffic. They are categorized into three different pools according to their members relationship to the members in the other pools; any member in a one pool should be unlikely to share logs (or other identifying data), or to agree to send fake time information, with a member from the the other pools. The pools are as follows:

• The "pal" pool are run by groups that are likely to take great care of their visitors' privacy.
• The "foe" pool are managed by adversaries of the "pal" pool.
• The "neutral" pool members have a neutral relationship to both the "pal" and "foe" pool.

The pools are listed in config/chroot local-includes/etc/default/htpdate.

Basically, Tails htpdate pick three random servers (one from each pool), and then build the mediate of the three advertised dates.

Could you please add such a feature to tlsdate as well?

[ioerror]

It's in the TODO list - if you want to submit a patch, I'd be happy to review it and I'll probably merge it.

[adrelanos]

I don't speak C, don't wait for me.

[ioerror]

This is a TODO item - I don't think it needs an open bug. If someone wants to implement it, I'd be happy to review the patch but it's low on my list of tasks.