[Cryptography] On the deployment of client-side certs

Natanael natanael.l at gmail.com
Wed Nov 23 04:43:40 EST 2016

Den 23 nov 2016 02:09 skrev "Phillip Hallam-Baker" <phill at hallambaker.com>:


> For security purposes, access to a reasonably accurate clock is really
important. I am aware of Secure NTP of course. But... Well for my purposes,
I really want multiple statements about time:
> 1) A statement that applications can be ~100% certain of that states
'this time has passed' which can be 24, 48 hours in the past.
> 2) A statement that applications can be reasonably certain of, that a
trusted party asserts that the current time is within 10 seconds of a
stated value.
> 3) An untrusted statement that the current time is X which is accurate to
100ms or better
> That combined with the ability to make statements of the form 'I want to
do X provided you can complete before the time you think is Y' allow me to
address most of my time based security concerns.


Uses multiple servers and nonces + hash chaining to establish a verifiable
direction of time / order of events, with high accuracy in timing.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20161123/7c6c2726/attachment.html>

More information about the cryptography mailing list