| field | value | date |
|---|---|---|
| author | Jacob Appelbaum <jacob@appelbaum.net> | 2012-08-01 23:48:34 -0700 |
| committer | Jacob Appelbaum <jacob@appelbaum.net> | 2012-08-01 23:48:34 -0700 |
| commit | fb76edeb29995870699dfecdf535a0b87f198c86 (patch) | |
| tree | dcd51d8c5897cff97e87238eae7b3b8d49bb2a12 /TLSDATEPOOL | |
| parent | ba605773a04a72f85f2735f215428f5711f3cd80 (diff) | |
| download | tlsdate-fb76edeb29995870699dfecdf535a0b87f198c86.tar.gz | |
Idea for genepool.tlsdate.net; pool.ntp.org eat your heart out
Diffstat (limited to 'TLSDATEPOOL')

| mode | file | lines |
|---|---|---|
| -rw-r--r-- | TLSDATEPOOL | 31 |

1 files changed, 31 insertions, 0 deletions
diff --git a/TLSDATEPOOL b/TLSDATEPOOL new file mode 100644 index 0000000..2ca8015 --- /dev/null +++ b/TLSDATEPOOL @@ -0,0 +1,31 @@ +"Lets parasitically pool TLS resources into a single location!" + +ntp has pool.ntp.org which currently hosts around ~3000 machines. +tlsdate has only the wild internet's pool of TLS/SSL machines. + +It is believed that there are around ~185,000 reasonable SSL/TLS servers in the +genepool that is the internet. + +To discover the relevant systems in the genepool we will conduct scans and +collect data of SSL/TLS services for the entire internet. When a server is +discovered and it is confirmed to have a reasonably accurate clock, we will +store it in the genepool list. + +The genepool list will first be a text file included with tlsdate and tlsdate +will have an option to use the local genepool; it will randomly select an entry +from the list and use it for timing information. + +The genepool list will be in the following CSV format: + + hostname,port,last known IP address, protocol + +Currently, the default protocol is TLSv1 unless otherwise specified. Fields may +include sslv2, sslv3, tlsv1, tlsv1.1, tlsv1.2, xmpp, pop3, imap and other +STARTTLS enabled protocols. + +Eventually, we propose that a simple DNS query interface located at +genepool.tlsdate.net should return random entries from the genepool list. It +should only host records of machines that have correct timing information in +their SSL/TLS handshakes. The data returned will optionally be a TXT record +containing a line from a regularly updated genepool cache file or an A/AAAA +record for the host. |
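Review bot: the DNS query interface proposed in the last paragraph of the hunk (genepool.tlsdate.net returning TXT or A/AAAA records) hands tlsdate a time source over ordinary, unauthenticated DNS, so a spoofed or poisoned answer could steer the client to a host whose clock is wrong; the text should say how those responses are protected (DNSSEC validation, or a signed genepool cache file that tlsdate verifies before using an entry) or explicitly make the locally shipped genepool text file the only default and the DNS lookup opt-in. Two smaller points in the same file: the protocol field list names sslv2, which is broken and should not be an accepted value for a host that tlsdate will trust for time; and the format line `hostname,port,last known IP address, protocol` puts a space after one comma and none after the others, so the separator and the exact field names (for example `hostname,port,last_ip,protocol`) should be pinned down now, before a parser is written against them.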