Protection against rogue time-changes (use integrity protecting time protocol) #153

Open
rugk opened this Issue Jan 28, 2016 · 2 comments


rugk commented Jan 28, 2016

It would be very good to have some protection against time-change attacks (e.g. important for 2FA/TOTP, HSTS and HPKP and HTTPS certs in general).

I would encourage you to use tlsdate by @ioerror: https://github.com/ioerror/tlsdate/

@rugk rugk changed the title from Protectionn against rogue time-changes (use integrity protecting time protocol) to Protection against rogue time-changes (use integrity protecting time protocol) Jan 28, 2016

@thestinger thestinger added the upstream label Feb 5, 2016

Contributor

thestinger commented Feb 5, 2016

Google appears to be adopting tlsdate upstream: https://android.googlesource.com/platform/external/tlsdate/. It's possible that it will be part of 7.0. So it wouldn't be a great thing to work on in CopperheadOS since it seems to be happening already.

Contributor

thestinger commented Jan 25, 2018

They never ended up using tlsdate for mobile; only Android Things uses it for now. I'll keep trying to get this done upstream just like DNS over TLS because they do want to do that kind of thing.

@thestinger thestinger added the upstream label Jan 25, 2018

@thestinger thestinger removed the upstream label Apr 4, 2018
