diff options
author | Jacob Appelbaum <jacob@appelbaum.net> | 2012-07-15 16:11:09 -0400 |
---|---|---|
committer | Jacob Appelbaum <jacob@appelbaum.net> | 2012-07-15 16:11:18 -0400 |
commit | 93dd955fe59b698f9baeffa452c8987a78a5be55 (patch) | |
tree | bd9949362fe1e24337dea7b9c9f8a8dfc716ad46 /TODO | |
parent | d9618897cfa52d556858caf9085bf203ee1c4484 (diff) | |
download | tlsdate-93dd955fe59b698f9baeffa452c8987a78a5be55.tar.gz |
Update TODO
Diffstat (limited to 'TODO')
-rw-r--r-- | TODO | 6 |
1 files changed, 3 insertions, 3 deletions
@@ -5,12 +5,12 @@ Here is a nice list of things to do to improve tlsdate: 1) hack the client handshake to not leak the clock to the server set it to all zeros or something cute or something random - 2) allow users to pass certs for custom verification 3) add HTTP GET request to avoid network fingerprinting 5) daemonize and regularly slam the clock 6) skew the clock rather than slamming it 7) drop privs earlier 9) make this work with Tor in a proxy safe manner (no DNS mode) + This should work with torsocks, does it? Audit results please! 11) verification of remote certificate for Tor nodes 13) account for servers that do not send UTC (Microsoft sends local time) 14) port to nss, gnutls, yassl and other libraries @@ -19,7 +19,7 @@ Here is a nice list of things to do to improve tlsdate: 17) find others to audit it - we need more eyes! 18) cache recent time to /tmp/tlsdate_stamp or something 19) override client time - ensure we only believe the time to be the one compiled in or... - we read the cache of the time and read that. + Add a way to read the cache of the last updated time and read that as + the new epoch. Patches welcome! |