• @[email protected]
    link
    fedilink
    English
    101 year ago

    “The false assumption is that most SSL implementations return the server time,” Simen said. “This was probably true in a Microsoft-only ecosystem back when they implemented it, but at that time [when STS was introduced], OpenSSL was already sending random data instead.”

    This is so amazing, NTP is too insecure, so we relied on random data from random servers instead