Dash.js: Default time server SSL cert will be distrusted in M70

Created on 1 Feb 2018  路  4Comments  路  Source: Dash-Industry-Forum/dash.js

dash.js uses https://time.akamai.com as the default UTC time source when no other source is specified.

If the certificate is not updated by the time Chrome 70 comes round (~October 2018), we would need to remove the default source, or find an alternative.

Raising this as this is the first time I have seen this message in the dev console.

CC @wilaw

Most helpful comment

@Alihodroj, could you please stop "spamming" every user? I could understand you are in a hurry with your requirements but definitively, get dash.js tracking issues tool full of your messages is not a good practice.

I have also seen more and more messages from you in other Github issue and in our Google Group. Please, take some time to think what would happen if every dash.js user started asking questions in this way. This tool, in which we are putting our time and dedication, wouldn't be useful for anyone.

Thanks

All 4 comments

@bbcrddave - I had noticed this myself. I fully expect us to rotate our certs by then, but let me confirm that internally.

On a related note, having only one timing source is a little risky. The intent was always to have several and to be able to faildown if the source is slow||!200, but no one at the time contributed one besides Akamai. Since a few years have passed, do you know of anyone who would be willing (or is already) standing up an alternate time source so we could bake both in to the framework?

-Will

@Alihodroj, could you please stop "spamming" every user? I could understand you are in a hurry with your requirements but definitively, get dash.js tracking issues tool full of your messages is not a good practice.

I have also seen more and more messages from you in other Github issue and in our Google Group. Please, take some time to think what would happen if every dash.js user started asking questions in this way. This tool, in which we are putting our time and dedication, wouldn't be useful for anyone.

Thanks

@bbcrddave The Symantec cert attached to time.akamai.com has now been updated by Akamai to one that is compliant with Chrome M70. Please verify from your end (I just tested here and cert was deployed worldwide 3 hrs ago) and then we can close this issue as resolved.

@wilaw I think updating this has regressed the explicit non-caching of the service that we'd talked about before, the service is now not explicitly cacheable again, and IE11 on default settings typically caches it, leading to horrible behaviour for us :(

Can you fix?

Was this page helpful?
0 / 5 - 0 ratings