On Thu, Oct 16, 2014 at 5:01 PM, John Kemp <john@jkemp.net> wrote: > https://www.blackhat.com/docs/eu-14/materials/eu-14-Selvi-Bypassing-HTTP-Strict-Transport-Security-wp.pdf So the problem is that time synchronization does not happen over TLS. That seems like a pretty big flaw in OSs. Hopefully someone audits any other unauthenticated channels they may have. -- https://annevankesteren.nl/Received on Thursday, 16 October 2014 15:12:23 UTC
This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:07 UTC