“The false assumption is that most SSL implementations return the server time,” Simen said. “This was probably true in a Microsoft-only ecosystem back when they implemented it, but at that time [when STS was introduced], OpenSSL was already sending random data instead.”
This is so amazing, NTP is too insecure, so we relied on random data from random servers instead
This is so amazing, NTP is too insecure, so we relied on random data from random servers instead