[SSL Observatory] Diginotar broken arrow as a tour-de-force of PKI fail
Rob Stradling
rob.stradling at comodo.com
Wed Sep 14 01:17:22 PDT 2011
On Tuesday 13 Sep 2011 16:36:11 Adam Langley wrote:
> On Tue, Sep 13, 2011 at 11:33 AM, Rob Stradling
> <rob.stradling at comodo.com> wrote:
> > There seems to be a requirement for the "something else" solution to not
> > require the Client to have an accurate clock.
>
> Not needing a clock is a big plus. But having a clock gets you so much
> that I think we'll have to live with requiring one.
>
> It does mean that browsers are going to have to do secure time sync though.

Gerv,

Earlier in this thread, I suggested requiring Clients to do secure time sync.
You replied "Er, no. :-)". In view of Adam's comments, might you/Mozilla
reconsider your view on this?

Peter,

Would a "something else" certificate status checking protocol that requires
Clients to do secure time sync (instead of requiring nonces) get your
blessing?

Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online