Looking for hacks and attacks enabled by control of a system's clock. E.g., cert un-expiration. #plzzz #askingForAFriend
-
-
Replying to @isislovecruft
@isislovecruft@marshray More scary than TLS handshake failure IMO is client fingerprinting due to including timestamps in protocols.6 replies 6 retweets 6 likes -
Replying to @nickm_tor
@nickm_tor Good point. That's what all your patches to rip out the timestamps were for, right?@marshray1 reply 0 retweets 0 likes -
Replying to @isislovecruft
@isislovecruft@marshray I patched OpenSSL; others patched NSS.1 reply 0 retweets 0 likes
Replying to @nickm_tor
@nickm_tor I wrote the NSS patch directly in response to your TLS WG email. Thanks for drawing attention to the issue. Should be in the BCP.
2:01 AM - 7 Jun 2014
0 replies
0 retweets
1 like
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.