Stephen Farrell <[email protected]> writes: >(And that's a common pattern actually: someone says "if we do X that'll make >privacy a bit better" and someone else says "but there are so many other ways >to leak private info, why bother just doing X?")
I've only partially seen it as a privacy issue but more as a security issue, by telling an attacker that your clock is two weeks out you're letting them know that they can reuse an expired cert or replay an old CRL. Even in terms of privacy it wasn't a specific user-tracking thing but more a question of why you needed to tell the world what your system clock was set to. So my code has always populated the field with random noise, not an actual time. Peter. _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
