Re: [TLS] Getting started, clock not set yet

2022-08-14 Thread Hal Murray
Thanks.

> It's been a few years, but IIRC my thinking was that the degree of trust required in the Roughtime servers' long-term public keys is very low: you're trusting them only for one server's assertion of the current time, not for general web traffic; and if you ask enough servers, the l

Re: [TLS] Getting started, clock not set yet

2022-08-14 Thread Kyle Rose
On Sat, Aug 13, 2022 at 11:16 PM Hal Murray wrote:

> > IIRC, this is one of the main arguments for advancing Roughtime:
>
> I took a look at draft 06. I don't see how it helps. Am I missing something?
>
> Here is the key section:
>
> 6.4 Validity of Response
> A client MUST check the follow

Re: [TLS] Getting started, clock not set yet

2022-08-14 Thread Peter Gutmann
Christian Huitema writes:

> For example, the device will get some notion of time from the dates in the certificates that are provisioned during enrollment. Maybe that's enough to move from the 10 years scenario to the one year scenario, and then call NTP. But it would probably be better to spel