On Thu, 15 Feb 2018 15:55:27 -0600
> I'm not sure this can be worked around. A setup where time is not > pulled from the network is abnormal now, and most people who have such > a system soon realize what the issue is. OpenNTP has a constraint system but considering NTP is a latent, insecure, untrusted server protocol, synchronising the clock in one go is not the recommended default. Instead it used https constraints and 8 UDP server samples before skewing slightly. I don't know if the windows version is a less latent but secured protocol. > > The certificate warnings are a good reminder to update my clock > (seriously). Perhaps offer this information on the error page? Yeah, I don't think the messages are as clear these days as to what the issue is. The idea being to reduce click through, perhaps they could manually update their clock in that case but not understand the messages otherwise or been taught to stop when strange things happen or not to click on error boxes. On that subject I think the chromium reported plan to label sites as insecure should perhaps be revised to page insecured or something more accurate? Additionally it infers sites labelled secure or not labelled insecure are secure when they may have terrible security but utilise TLS. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
