- From: Chris Palmer <palmer@google.com>
- Date: Thu, 16 Oct 2014 10:33:26 -0700
- To: Adam Langley <agl@google.com>
- Cc: Anne van Kesteren <annevk@annevk.nl>, John Kemp <john@jkemp.net>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Thu, Oct 16, 2014 at 9:01 AM, Adam Langley <agl@google.com> wrote: > However, in section seven, where the author claims that preloaded > entries are added for 1000 days, that's only via the net-internals > debugging interface. (The code screenshot shown is also of code for > that debugging interface.) I believe that preloaded entries in Chrome > will always be enforced, no matter what the system time is. We have also added code to detect with the system clock is obviously wrong (current time < Chrome's build time, or current time > Chrome's build time + 1 year), and show a specific SSL warning interstitial with a UX control for users to activate their system's clock reset application. In a near-future version of Chrome, that warning interstitial won't even be an SSL warning, it will be its own kind of (less frightening) warning. (To the effect of, "You've probably noticed that a wide variety of things aren't working right... Let's fix that clock...")
Received on Thursday, 16 October 2014 17:33:54 UTC