> On May 2, 2017, at 2:39 PM, Benjamin Kaduk <bka...@akamai.com> wrote:
>
> I thought TLS clients were supposed to have even worse clocks (in terms of
> absolute time) than Kerberos clients. The current ticket_age scheme only
> requires the client's clock *rate* to be reasonable, not its absolute time.
Sure, and yet it might still have been better to transport the "obfuscated ticket age" as an "encrypted ticket age", while keeping the elements of the design that expect only a reasonable clock rate from the client. Of course making such a change is likely prohibitive at this time...

If the ticket is never re-used, the "obfuscation" is perhaps sufficient, and if it is re-used, both obfuscation and encryption are defeated. So obfuscation is perhaps acceptable.

--
	Viktor.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
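The mechanism the two messages above are discussing, worked through as an added example (this is not code from either poster, nor from any TLS implementation): the client reports its ticket age as `obfuscated_ticket_age = (age_ms + ticket_age_add) mod 2^32` per RFC 8446 section 4.2.11, where `age_ms` is elapsed time measured on the client's own clock (so only its rate matters, not its absolute time) and `ticket_age_add` is the 32-bit value the server sent inside the NewSessionTicket. The server undoes the addition and compares the result against its own elapsed time. The example also shows the re-use point: two uses of the same ticket share the same `ticket_age_add`, so a passive observer subtracting the two obfuscated values recovers the real interval between them and links the connections. The 10-second server tolerance and all sample values are constructed assumptions for illustration, not figures from the RFC or the thread.

```python
# Added example: TLS 1.3 obfuscated_ticket_age (RFC 8446 section 4.2.11)
# and why re-use of a ticket defeats the obfuscation. Not from the thread.

MOD = 1 << 32  # obfuscated_ticket_age is a uint32


def obfuscate_ticket_age(age_ms: int, ticket_age_add: int) -> int:
    """Client side. age_ms is measured on the client's own clock since the
    ticket arrived, so only the clock *rate* matters; ticket_age_add is the
    32-bit value the server sent in NewSessionTicket."""
    return (age_ms + ticket_age_add) % MOD


def recover_ticket_age(obfuscated: int, ticket_age_add: int) -> int:
    """Server side: subtract the per-ticket ticket_age_add modulo 2^32."""
    return (obfuscated - ticket_age_add) % MOD


def server_accepts_age(obfuscated: int, ticket_age_add: int,
                       server_elapsed_ms: int, ticket_lifetime_s: int,
                       tolerance_ms: int = 10_000) -> bool:
    """Server check on a PSK identity. The ticket must be within its
    lifetime and the client-reported age must be close to the time the
    server itself has seen elapse since issuing the ticket (the 10 s
    tolerance is an assumed example value, not a figure from the RFC)."""
    age_ms = recover_ticket_age(obfuscated, ticket_age_add)
    if age_ms > ticket_lifetime_s * 1000:
        return False
    return abs(age_ms - server_elapsed_ms) <= tolerance_ms


def observer_links_reuse(obfuscated_first: int, obfuscated_second: int) -> int:
    """Passive observer who has seen the same ticket presented twice.
    Both values were masked with the same ticket_age_add, so the
    difference modulo 2^32 is the real elapsed time between the two
    uses: the mask cancels and the two connections are linked."""
    return (obfuscated_second - obfuscated_first) % MOD


def demo() -> dict:
    """Constructed walk-through with sample values (assumed, not real)."""
    ticket_age_add = 0xDEADBEEF       # sent by the server in NewSessionTicket
    ticket_lifetime_s = 7200          # two-hour ticket, sample value

    # First use: client clock says 5 s since the ticket arrived, server
    # measured 5.2 s on its own clock. Accepted.
    first = obfuscate_ticket_age(5_000, ticket_age_add)
    first_ok = server_accepts_age(first, ticket_age_add, 5_200, ticket_lifetime_s)

    # Second use of the *same* ticket a minute later.
    second = obfuscate_ticket_age(65_000, ticket_age_add)

    # The observer never learns ticket_age_add, yet the interval leaks.
    leaked_interval_ms = observer_links_reuse(first, second)

    return {
        "first_accepted": first_ok,
        "leaked_interval_ms": leaked_interval_ms,
    }


if __name__ == "__main__":
    print(demo())
```

A single presentation leaks nothing on its own: without `ticket_age_add` every age value is consistent with the observed 32-bit field, which is why the obfuscation is adequate for single-use tickets. Once a ticket is presented twice, the same additive mask appears in both values and cancels under subtraction; an encrypted ticket age would hide the interval but the repeated ticket would still link the two connections, which is the trade-off Viktor's message describes.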