- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Thu, 16 Oct 2014 17:11:51 +0200
- To: John Kemp <john@jkemp.net>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Thu, Oct 16, 2014 at 5:01 PM, John Kemp <john@jkemp.net> wrote: > https://www.blackhat.com/docs/eu-14/materials/eu-14-Selvi-Bypassing-HTTP-Strict-Transport-Security-wp.pdf So the problem is that time synchronization does not happen over TLS. That seems like a pretty big flaw in OSs. Hopefully someone audits any other unauthenticated channels they may have. -- https://annevankesteren.nl/
Received on Thursday, 16 October 2014 15:12:23 UTC