Skip to content
This repository has been archived by the owner on Nov 14, 2019. It is now read-only.

Protection against rogue time-changes (use integrity protecting time protocol) #153

Closed
rugk opened this issue Jan 28, 2016 · 3 comments
Closed

Protection against rogue time-changes (use integrity protecting time protocol) #153

rugk opened this issue Jan 28, 2016 · 3 comments
Labels
Priority: low Type: enhancement

Comments

@rugk
Copy link

rugk commented Jan 28, 2016

It would be very good to have some protection against time-change attacks (e.g. important for 2FA/TOTP, HSTS and HPKP and HTTPS certs in general).

I would encourage you to use tlsdate by @ioerror: https://github.com/ioerror/tlsdate/
@rugk rugk changed the title Protectionn against rogue time-changes (use integrity protecting time protocol) Protection against rogue time-changes (use integrity protecting time protocol) Jan 28, 2016
@thestinger
Copy link
Contributor

Google appears to be adopting tlsdate upstream: https://android.googlesource.com/platform/external/tlsdate/. It's possible that it will be part of 7.0. So it wouldn't be a great thing to work on in CopperheadOS since it seems to be happening already.

@thestinger
Copy link
Contributor

They never ended up using tlsdate for mobile, only Android Things uses it for now. I'll keep trying to get this done upstream just like DNS over TLS because they do want to do that kind of thing.

@thestinger
Copy link
Contributor

Migrated to GrapheneOS/os-issue-tracker#3 for the new hardened OS.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Priority: low Type: enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@thestinger @rugk