On Tue, May 2, 2017 at 11:39 AM, Benjamin Kaduk <[email protected]> wrote:
> I thought TLS clients were supposed to have even worse clocks (in terms of > absolute time) than Kerberos clients. The current ticket_age scheme only > requires the client's clock *rate* to be reasonable, not its absolute time. > Here I have some data. Over 7 days of examining requests from low power devices, 1 in 100 devices had a clock drift of at least 2 seconds. One in 1,000 had a drift of at least 43 seconds, and the worst offender had drifted by years. -- Colm
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
