That's been a not uncommon occurrence for me on b2g. I get cert expiration warnings and think, "oh no, have our persona certs lapsed somehow?" But then I realize that some lamentable event, like a battery discharge or some sort of crash, has set the system click back to 1985.
---- Typed with my thumb On Feb 19, 2014, at 17:45, Justin Dolske <[email protected]> wrote: > On 2/19/14 1:23 PM, Chris Karlof wrote: > >> There are a couple reasons why Hawk is (arguably) better than bearer >> tokens, particularly over HTTP connections. All our requests are over >> HTTPS, so using Hawk is a bit of a belt-and-suspenders situation for us. > [...] >> 2) *Dramatically scale back the replay protection of Hawk. *Hawk allows >> a time window of 1 min by default. I propose we change that to something >> big. A day, a week, a month, a year. Turn the knob until we stop seeing >> problems. > > It's worth noting that if the client clock is too far out of whack, SSL > probably won't be working either because the client thinks the cert has > either expired, or is not yet valid (depending on the direction of the slew). > > There is data about this, somewhere. I know I've seen a chart showing a > distribution of grossly incorrect system clocks, but I can't recall if it was > from our own data sources, or from a some third party's analysis. A couple > minutes of Googling didn't turn up anything obvious. > > Justin > _______________________________________________ > Sync-dev mailing list > [email protected] > https://mail.mozilla.org/listinfo/sync-dev _______________________________________________ Sync-dev mailing list [email protected] https://mail.mozilla.org/listinfo/sync-dev
