Ahh. I can't tell, the data I have is only clients with very very broken clocks who failed validation as a result. My assumption would be that there is a much larger number of clients that fit what you described (cert/OCSP check passes, but ServerConfiguration would not be). Since I don’t have the data, I can’t say that for sure, but anecdotal evidence would indicate that this is the case.
-Blake On 7/22/15, 10:58 PM, "Eric Rescorla" <e...@rtfm.com> wrote: >I guess what I'm trying to get at is the following: >Are there a lot of people whose clocks are accurate enough that they will be >able to connect to the server and check the certificate/OCSP but not accurate >enough to process ServerConfiguration if it is in absolute time. _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
