On Tue, Apr 30, 2024 at 8:29 AM Watson Ladd <watsonbl...@gmail.com> wrote:
> On Tue, Apr 30, 2024 at 8:25 AM Eric Rescorla <e...@rtfm.com> wrote: > > > > > > On the narrow point of shorter lifetimes, I don't think the right way to > advertise that you have an accurate clock is to advertise that you support > some set of root certificates. > > > > If we want to say that, we should have an extension that actually says > you have an accurate clock. > > That says you *think* you have an accurate clock. > Quite so. However, if servers gate the use of some kind of short-lived credential on a client signal that the client thinks it has an accurate clock (however that signal is encoded) and the clients are frequently wrong about that, we're going to have big problems. -Ekr > Sincerely, > Watson > > -- > Astra mortemque praestare gradatim >
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
