Re: [Tails-dev] Risks of enabled/disabled TCP timestamps?

Delete this message

Reply to this message
Author: Jacob Appelbaum
Date:  
To: The Tails public development discussion list
New-Topics: [Tails-dev] [review'n'merge:1.2] feature/6579-disable-tcp-timestamps [Was: Risks of enabled/disabled TCP timestamps?]
Subject: Re: [Tails-dev] Risks of enabled/disabled TCP timestamps?
On 7/27/14, intrigeri <intrigeri@???> wrote:
> Hi,
>
> I was a bit sad that the TCP timestamps thing went nowhere, after the
> energy we've put into discussing it, so I've built an ISO with the
> corresponding branch merged in, and successfully run the automated
> test suite on it. So, at least we now know it doesn't break too much
> stuff in obvious ways. Good!


Ok. Great!

>
> But that's not enough to merge this branch:
>
> intrigeri wrote (07 Jan 2014 23:12:31 GMT) :
>>>> I'll come back to you and Jacob for the design doc phrasing, as I'm
>>>> still not convinced we can put statements as bold as "tracking the
>>>> clock down to the millisecond" in there, without thinking a bit about
>>>> how an attacker is affected by the network lag between the time a TCP
>>>> timestamp was created, and the time when they get to see the packet.
>
>>>> I mean, I'm weak at stats and all and you probably know better, but
>>>> learning that "some unknown time ago, the system clock was T with
>>>> a millisecond precision" does not really give me the current system
>>>> clock with a millisecond precision, does it?
>
>>> This still needs some input.
>
>> Now known as #6581.
>


Ok. I'll comment on #6581 shortly.

> This is still waiting for some input from those who are confident that
> disabling TCP timestamps buys us much, and feel able to phrase it in
> a way that's suitable for our design doc. Once we have that phrasing,
> I volunteer to integrate it into the design doc and propose a branch.
>
> Any taker?


Yes, I'm on it.

All the best,
Jacob