[SSL Observatory] Diginotar broken arrow as a tour-de-force of PKI fail
Adam Langley
agl at google.com
Tue Sep 13 08:36:11 PDT 2011
On Tue, Sep 13, 2011 at 11:33 AM, Rob Stradling
<rob.stradling at comodo.com> wrote:
> There seems to be a requirement for the "something else" solution to not
> require the Client to have an accurate clock.
Not needing a clock is a big plus. But having a clock gets you so much
that I think we'll have to live with requiring one.
It does mean that browsers are going to have to do secure time sync though.
Cheers
AGL
More information about the Observatory
mailing list