When the host's system clock is too much off, Tor won't be able to connect and since sdwdate runs through Tor, it won't be able to fix the clock. At the moment in such situations there is no good feedback to the user.
- A sdwdate sanity test could be created.
- Before attempting to fetch the time from Tor hidden services, it could check what Tor is telling us about the clock.
- Check if times from remote servers match Tor are within consensus/valid-after and consensus/valid-until, otherwise reject those.
- As per chat log with Roger directory authorities can lie about time - so we need to use this with care.
- Tor consensus isn't always downloaded from directly from directory authorities, sometimes Tor downloads the Tor consensus from directory mirrors. And the latter aren't trusted as much as directory authorities. Those are just like normal relays.
- We should have the courtesy to not explicitly download from directory authorities, because... armadev: oh. i think that would be horrible. hundreds of thousands of users doing that could overwhelm the directory authorities.
- anondate is a fork of tordate and already parses Tor consensus file. It's already part of anon-shared-helper-scripts (https://github.com/Whonix/anon-shared-helper-scripts/blob/master/usr/lib/anon-shared-helper-scripts/anondate).
- Why not use tordate by Tails instead of reinventing the wheel with anondate?
- Another option, from control-spec.txt:
"consensus/valid-after" "consensus/fresh-until" "consensus/valid-until" Each of these produces an ISOTime describing part of the lifetime of the current (valid, accepted) consensus that Tor has. [New in Tor 0.2.6.3-alpha]
- Related: https://www.whonix.org/wiki/Dev/TimeSync#Tor_Consensus_Method
- Related: T56
We could then inform the user and/or - if it is safe - even roughly fix the clock for the user so sdwdate can fix it. (From verified Tor consensus (vs unverified Tor consensus). Needs research.) plugin sdwdate-plugin-anondate(Not required as a plugin, because sdwdate now depends on Tor anyhow.) Migrated from: https://github.com/Whonix/Whonix/issues/244 (contains extensive discussion)(outdated) Tails-dev - tordate: why is it safe to set time from unverified-consensus?(threat model does not include fingerprinting)
The scope of this ticket is to create a sdwdate sanity test. It would be a user of anondate.