[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Pre-approval for apt 0.7.21: "Valid-Until" feature and proxy changes

* Eugene V. Lyubimkin:

> Florian Weimer wrote:
>> And if Valid-Until is only checked against the real-time clock, the
>> attacker can still feed bad data over NTP, so it's not even a complete
>> defense. 8-(
> However, it seems there is no better solution, or is there?

A counter in the style of a Lamport clock should work, or checking
that the Valid-Until header does not recede in time.

Reply to: