On Tue, May 02, 2017 at 11:49:31PM +0000, Peter Gutmann wrote: > Benjamin Kaduk <bka...@akamai.com> writes: > >I thought TLS clients were supposed to have even worse clocks (in terms of > >absolute time) than Kerberos clients. > > Many of the devices I work with don't have clocks (at best they have non- > persistent monotonic counters), so I guess that's true in some sense...
Yeah, but a non-persistent clock is fine if the client can learn time from the server (and keep a different offset from system time to every server if need be, learning system time from one of them, or from NTP, or whatever). Nico -- _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
