• Thann@lemmy.ml
    link
    fedilink
    English
    arrow-up
    11
    ·
    1 year ago

    “The false assumption is that most SSL implementations return the server time,” Simen said. “This was probably true in a Microsoft-only ecosystem back when they implemented it, but at that time [when STS was introduced], OpenSSL was already sending random data instead.”

    This is so amazing, NTP is too insecure, so we relied on random data from random servers instead