One place we may run into a lot of those clients are on machines
like the Raspberry Pi and Beaglebone machines. These boards do
not include clock chips, so the machines must get the current
time via NTP every time they power on. If there is a problem
with NTP, or if the shell script to set the clock is not run,
then the date will probably be 20 or 30 years back in the last millenium.
Cheers - Bill
On 7/22/15 at 2:14 PM, bmath...@fb.com (Blake Matheny) wrote:
Ahh. I can't tell, the data I have is only clients with very
very broken clocks who failed validation as a result. My
assumption would be that there is a much larger number of
clients that fit what you described (cert/OCSP check passes,
but ServerConfiguration would not be). Since I don’t have the
data, I can’t say that for sure, but anecdotal evidence would
indicate that this is the case.
-Blake
On 7/22/15, 10:58 PM, "Eric Rescorla" <e...@rtfm.com> wrote:
I guess what I'm trying to get at is the following:
Are there a lot of people whose clocks are accurate enough that they will be
able to connect to the
server and check the certificate/OCSP but not accurate enough
to process ServerConfiguration if it is in absolute time.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
-----------------------------------------------------------------------
Bill Frantz | Ham radio contesting is a | Periwinkle
(408)356-8506 | contact sport. | 16345
Englewood Ave
www.pwpconsult.com | - Ken Widelitz K6LA / VY2TT | Los Gatos,
CA 95032
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
