> Eric Rescorla <[email protected]> writes: >Before we discuss mechanisms, it would be good to verify that in >general clients and servers don't become unhappy if the timestamp is >radically wrong. Has someone done measurements to verify that this is >in fact the case at a broad scale?
I just checked and the current version doesn't do this, but ISTR older Internet Explorer would populate the "GMT" field with the local time. If my recollection is true, this would probably represent "broad scale". This would reveal the client's time zone. So particularly for clients traversing VPNs and proxies it would represent an info leak to a passive eavesdropper positioned near the server. - Marsh _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
