Re: NTP vs. HSTS

On Thu, Oct 16, 2014 at 5:01 PM, John Kemp <john@jkemp.net> wrote:
> https://www.blackhat.com/docs/eu-14/materials/eu-14-Selvi-Bypassing-HTTP-Strict-Transport-Security-wp.pdf

So the problem is that time synchronization does not happen over TLS.
That seems like a pretty big flaw in OSs. Hopefully someone audits any
other unauthenticated channels they may have.


-- 
https://annevankesteren.nl/

Received on Thursday, 16 October 2014 15:12:23 UTC