* Eugene V. Lyubimkin: > Florian Weimer wrote: >> And if Valid-Until is only checked against the real-time clock, the >> attacker can still feed bad data over NTP, so it's not even a complete >> defense. 8-( > > However, it seems there is no better solution, or is there?
A counter in the style of a Lamport clock should work, or checking that the Valid-Until header does not recede in time. -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org