Jacob Appelbaum | 0d1569d | 2012-07-09 23:06:41 +0200 | [diff] [blame] | 1 | .\" Process this file with |
| 2 | .\" groff -man -Tascii foo.1 |
| 3 | .\" |
| 4 | .TH TLSDATE 1 "JANUARY 2011" Linux "User Manuals" |
| 5 | .SH NAME |
| 6 | tlsdate-helper \- secure parasitic rdate replacement |
| 7 | .SH SYNOPSIS |
Jacob Appelbaum | 894d527 | 2012-07-15 14:32:39 -0400 | [diff] [blame] | 8 | .B tlsdate-helper host port protocol ca_racket verbose certdir setclock \ |
Jacob Appelbaum | c732f4e | 2012-07-15 22:38:46 -0400 | [diff] [blame] | 9 | showtime timewarp leapaway |
Jacob Appelbaum | 0d1569d | 2012-07-09 23:06:41 +0200 | [diff] [blame] | 10 | .SH DESCRIPTION |
| 11 | .B tlsdate-helper |
| 12 | is a tool for setting the system clock by hand or by communication |
| 13 | with the network. It does not set the Real Time Clock. It is designed to be as |
| 14 | secure as TLS (RFC 2246) but of course the security of TLS is often reduced to |
| 15 | whichever CA racket you believe is trustworthy. By default, tlsdate-helper |
| 16 | trusts your local CA root store - so any of these companies could assist in a |
| 17 | MITM attack against you and you'd be screwed. |
| 18 | |
| 19 | This tool is designed to be run by hand or as a system daemon. It must be |
| 20 | run as root or otherwise have the proper caps; it will not be able to set |
| 21 | the system time without running as root or another privileged user. |
| 22 | .SH BUGS |
| 23 | It's likely! Let us know by contacting jacob@appelbaum.net |
| 24 | |
| 25 | Note that |
| 26 | .B tlsdate(1) |
| 27 | is still in Alpha, and may not work as expected. |
| 28 | .SH AUTHOR |
| 29 | Jacob Appelbaum <jacob at appelbaum dot net> |
| 30 | .SH "SEE ALSO" |