On Thu, Jul 23, 2015 at 3:38 AM, Bill Frantz <fra...@pwpconsult.com> wrote:

> One place we may run into a lot of those clients is on machines like the
> Raspberry Pi and Beaglebone machines. These boards do not include clock
> chips, so the machines must get the current time via NTP every time they
> power on. If there is a problem with NTP, or if the shell script to set the
> clock is not run, then the date will probably be 20 or 30 years back in the
> last millennium.
>

That's definitely a problem, but not a specific problem for
ServerConfiguration since those implementations will also have problems
with certificates (and ironically, will accept ServerConfiguration just
fine).

-Ekr

> Cheers - Bill

>
> On 7/22/15 at 2:14 PM, bmath...@fb.com (Blake Matheny) wrote:
>
>> Ahh. I can't tell, the data I have is only clients with very very broken
>> clocks who failed validation as a result. My assumption would be that there
>> is a much larger number of clients that fit what you described (cert/OCSP
>> check passes, but ServerConfiguration would not be). Since I don’t have the
>> data, I can’t say that for sure, but anecdotal evidence would indicate that
>> this is the case.
>>
>> -Blake
>>
>>
>>
>>
>> On 7/22/15, 10:58 PM, "Eric Rescorla" <e...@rtfm.com> wrote:
>>
>>> I guess what I'm trying to get at is the following:
>>> Are there a lot of people whose clocks are accurate enough that they
>>> will be able to connect to the server and check the certificate/OCSP
>>> but not accurate enough to process ServerConfiguration if it is in
>>> absolute time.
>> _______________________________________________
>> TLS mailing list
>> TLS@ietf.org
>> https://www.ietf.org/mailman/listinfo/tls
>>
> -----------------------------------------------------------------------
> Bill Frantz        | Ham radio contesting is a    | Periwinkle
> (408)356-8506      | contact sport.               | 16345 Englewood Ave
> www.pwpconsult.com |  - Ken Widelitz K6LA / VY2TT | Los Gatos, CA 95032
>
>