>1. The device doesn't have a battery, so when it boots it thinks the time is Jan 1, 1970. X.509 wasn't even invented at that point so there are no valid certificates for that date.
Defaulting to date of manufacture instead of Unix timestamp 0 would get you closer, although it's still not a solution.
You could also periodically store time in a non-volatile memory, to be loaded on boot.
Right, but Let's Encrypt certificates are only valid for 90 days. And there's loads of electronics in the world that's been powered off for more than 90 days :)
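
The two mitigations and the 90-day objection discussed in this thread, worked through as an added example that is not part of any comment above. The function names, the build date and the day offsets are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define DAY        86400LL
/* Constructed value: hypothetical firmware build date, 2024-01-01 00:00:00 UTC. */
#define BUILD_TIME 1704067200LL

typedef enum { CERT_OK, CERT_NOT_YET_VALID, CERT_EXPIRED } cert_status;

/* Boot-time guess of "now": the RTC value, but never earlier than the
 * firmware build time or the last timestamp persisted to non-volatile memory. */
int64_t boot_time_estimate(int64_t rtc, int64_t build, int64_t nvm_saved)
{
    int64_t t = rtc;
    if (build > t) t = build;
    if (nvm_saved > t) t = nvm_saved;
    return t;
}

/* Validity-window check as a TLS stack applies it to notBefore/notAfter. */
cert_status check_validity(int64_t now, int64_t not_before, int64_t not_after)
{
    if (now < not_before) return CERT_NOT_YET_VALID;
    if (now > not_after)  return CERT_EXPIRED;
    return CERT_OK;
}

/* Device last saved its clock 30 days after the build, then sat powered off
 * for days_off days. The server's 90-day certificate was issued 10 days
 * before the device boots again. Returns what the device concludes at boot. */
cert_status boot_scenario(int64_t days_off)
{
    int64_t nvm_saved  = BUILD_TIME + 30 * DAY;
    int64_t real_now   = nvm_saved + days_off * DAY;
    int64_t not_before = real_now - 10 * DAY;
    int64_t not_after  = not_before + 90 * DAY;
    int64_t guess      = boot_time_estimate(0 /* no battery: epoch */,
                                            BUILD_TIME, nvm_saved);
    return check_validity(guess, not_before, not_after);
}

int main(void)
{
    printf("off 5 days:   %d\n", boot_scenario(5));   /* stored time still inside the window */
    printf("off 120 days: %d\n", boot_scenario(120)); /* stored time predates notBefore */
    return 0;
}
```

The same stale estimate can also sit inside the window of a certificate that has really expired, so the floor only bounds the error until the clock is synchronised.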