Re: [DNSOP] Fwd: New Version Notification for draft-pusateri-dnsop-update-timeout-01.txt

Dick Franks <> Wed, 20 February 2019 14:50 UTC

From: Dick Franks <>
Date: Wed, 20 Feb 2019 14:50:12 +0000
To: Tony Finch <>
Cc: Tim Wattenberg <>, dnsop WG <>, Tom Pusateri <>

On Wed, 20 Feb 2019 at 12:36, Tony Finch <> wrote:

> Dick Franks <> wrote:
> >
> > Unsigned 32 bit RRSIG time is good for travel until 7th February 2106.
>
> No, it lasts indefinitely. It covers +/- 68 years relative to current
> POSIX time using serial number arithmetic.

The value is ( t - Jan1970 ) mod 2**32, for any integer t, which is
not relative to current time, always positive, and I agree lasts
The point I was trying to make was that the wrapping occurs in 2106,
not 2038 as some have claimed.
RFC1982 serial number arithmetic is mandated for comparison of these values,
not for defining the values themselves.

[RFC4034] 3.1.5.  Signature Expiration and Inception Fields

   The Signature Expiration and Inception fields specify a validity
   period for the signature.  The RRSIG record MUST NOT be used for
   authentication prior to the inception date and MUST NOT be used for
   authentication after the expiration date.

   The Signature Expiration and Inception field values specify a date
   and time in the form of a 32-bit unsigned number of seconds elapsed
   since 1 January 1970 00:00:00 UTC, ignoring leap seconds, in network
   byte order.  The longest interval that can be expressed by this
   format without wrapping is approximately 136 years.  An RRSIG RR can
   have an Expiration field value that is numerically smaller than the
   Inception field value if the expiration field value is near the
   32-bit wrap-around point or if the signature is long lived.  Because
   of this, all comparisons involving these fields MUST use "Serial
   number arithmetic", as defined in [RFC1982].  As a direct
   consequence, the values contained in these fields cannot refer to
   dates more than 68 years in either the past or the future.
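
The following is an added example, not part of the original message or of RFC 4034. It shows the distinction drawn above: the field value is ( t - Jan1970 ) mod 2**32, while validity checks compare those values with RFC 1982 serial number arithmetic. All function names and sample timestamps are constructed for illustration.

```python
MOD = 2 ** 32    # size of the 32-bit field space
HALF = 2 ** 31   # RFC 1982 comparison horizon (about 68 years of seconds)
WRAP = 2 ** 32   # POSIX second at which the field wraps: 2106-02-07 06:28:16 UTC


def to_field(t: int) -> int:
    """Encode absolute POSIX seconds as the RRSIG field: (t - Jan1970) mod 2**32."""
    return t % MOD


def serial_cmp(a: int, b: int) -> int:
    """RFC 1982 comparison of two 32-bit serials: -1 if a < b, 0 if equal, 1 if a > b."""
    if a == b:
        return 0
    d = (b - a) % MOD
    if d == HALF:
        raise ValueError("comparison undefined: values are exactly 2**31 apart")
    return -1 if d < HALF else 1


def rrsig_time_valid(inception: int, expiration: int, now: int) -> bool:
    """True if inception <= now <= expiration under serial number arithmetic.

    inception and expiration are field values; now is absolute POSIX seconds.
    """
    n = to_field(now)
    return serial_cmp(inception, n) <= 0 and serial_cmp(n, expiration) <= 0


def naive_valid(inception: int, expiration: int, now: int) -> bool:
    """Plain unsigned comparison, shown only to contrast with the check above."""
    return inception <= to_field(now) <= expiration


if __name__ == "__main__":
    day = 86400
    # Constructed signature window straddling the 2106 wrap point.
    inc, exp = to_field(WRAP - day), to_field(WRAP + day)
    print("fields:", inc, exp, "(expiration numerically smaller than inception)")
    for label, now in [("before", WRAP - 2 * day), ("inside", WRAP + 3600),
                       ("after", WRAP + 2 * day)]:
        print(label, rrsig_time_valid(inc, exp, now), naive_valid(inc, exp, now))
    # Caveat from the RFC text: a date more than 68 years away is misread.
    now = 1550674212                       # constructed: 20 Feb 2019
    stale = to_field(now - 70 * 365 * day)  # an expiration 70 years in the past
    print("70-year-old expiration looks future:", serial_cmp(to_field(now), stale) < 0)
```

A validator that uses the plain unsigned comparison rejects the signature inside its window once the fields straddle the wrap, which is the case the MUST in section 3.1.5 exists to prevent.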