Re: [pkix] [TLS] Updated EdDSA/Ed25519 PKIX document

Nikos Mavrogiannopoulos <nmav@redhat.com> Thu, 24 September 2015 12:01 UTC

Message-ID: <1443096074.20825.7.camel@redhat.com>
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
To: "Manger, James" <James.H.Manger@team.telstra.com>, Simon Josefsson <simon@josefsson.org>, "pkix@ietf.org" <pkix@ietf.org>, "tls@ietf.org" <tls@ietf.org>
Date: Thu, 24 Sep 2015 14:01:14 +0200
In-Reply-To: <255B9BB34FB7D647A506DC292726F6E13BAE1499A2@WSMSG3153V.srv.dir.telstra.com>
References: <878u7xtu06.fsf@latte.josefsson.org> <255B9BB34FB7D647A506DC292726F6E13BAE1499A2@WSMSG3153V.srv.dir.telstra.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/pkix/KtzW0FDijUER3GIpOpp38QY-JuY>
List-Id: PKIX Working Group <pkix.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pkix/>

On Thu, 2015-09-24 at 13:23 +1000, Manger, James wrote:

> The cert's notBefore field is a UTCTime value (2-digit year), while
> the notAfter field is a GeneralizedTime value (4-digit year). I don't
> think I have seen that before, but it is valid.

Hi,
 Thanks for the comments, they should be addressed in the next update.
About the times, that's an RFC5280 requirement. 
"CAs conforming to this profile MUST always encode certificate
validity dates through the year 2049 as UTCTime; certificate
validity dates in 2050 or later MUST be encoded as GeneralizedTime."

The notAfter is a date over 2050 (in fact it's the 'no well defined
expiration date').

regards,
Nikos
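The mixed encoding discussed above (UTCTime notBefore, GeneralizedTime notAfter) is exactly what RFC 5280 section 4.1.2.5 forces once notAfter is 2050 or later, and the "no well-defined expiration date" value is GeneralizedTime 99991231235959Z. The example below is added here and is not code from the thread or from the draft; it is standard-library Python that encodes a Validity SEQUENCE the way a conforming CA must, and decodes one strictly, including the UTCTime two-digit-year pivot (YY >= 50 means 19YY, otherwise 20YY) that a parser must apply. The notBefore instant 2015-09-24 12:00:00Z is a constructed sample, not the value in the draft's certificate.

```python
"""RFC 5280 Time encoding/decoding (added example, not from the thread).

Section 4.1.2.5: dates through 2049 MUST be UTCTime (tag 0x17,
"YYMMDDHHMMSSZ"); dates in 2050 or later MUST be GeneralizedTime
(tag 0x18, "YYYYMMDDHHMMSSZ"); no fractional seconds; always UTC.
"""
from datetime import datetime, timezone

UTC_TIME = 0x17
GENERALIZED_TIME = 0x18
SEQUENCE = 0x30

# RFC 5280 4.1.2.5: notAfter meaning "no well-defined expiration date".
NO_WELL_DEFINED_EXPIRATION = datetime(9999, 12, 31, 23, 59, 59, tzinfo=timezone.utc)


def _tlv(tag: int, body: bytes) -> bytes:
    """Minimal DER TLV; every body here is < 128 bytes, so short-form length suffices."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body


def encode_time(dt: datetime) -> bytes:
    """Encode dt as the DER Time CHOICE a conforming CA must emit for that year."""
    if dt.tzinfo is None or dt.utcoffset().total_seconds() != 0:
        raise ValueError("RFC 5280 times are UTC with a trailing 'Z'")
    if dt.microsecond:
        raise ValueError("RFC 5280 forbids fractional seconds")
    if 1950 <= dt.year <= 2049:
        return _tlv(UTC_TIME, dt.strftime("%y%m%d%H%M%SZ").encode("ascii"))
    if dt.year >= 2050:
        return _tlv(GENERALIZED_TIME, dt.strftime("%Y%m%d%H%M%SZ").encode("ascii"))
    raise ValueError("years before 1950 are not representable as UTCTime")


def decode_time(der: bytes) -> tuple:
    """Parse one DER Time TLV at the front of der; return (datetime, bytes consumed).

    Strict on purpose: wrong lengths, a missing 'Z' or fractional seconds are
    rejected rather than guessed at, so an ambiguous date cannot slip through.
    """
    if len(der) < 2:
        raise ValueError("truncated TLV")
    tag, length = der[0], der[1]
    if length >= 128:
        raise ValueError("long-form length is never valid for a Time value")
    body = der[2:2 + length]
    if len(body) != length:
        raise ValueError("truncated Time body")
    if tag == UTC_TIME:
        if length != 13 or body[-1:] != b"Z":
            raise ValueError("UTCTime must be exactly YYMMDDHHMMSSZ")
        yy = int(body[:2].decode("ascii"))
        year = 1900 + yy if yy >= 50 else 2000 + yy   # 4.1.2.5.1 two-digit-year pivot
        rest = body[2:12].decode("ascii")            # MMDDHHMMSS
    elif tag == GENERALIZED_TIME:
        if length != 15 or body[-1:] != b"Z":
            raise ValueError("GeneralizedTime must be exactly YYYYMMDDHHMMSSZ")
        year = int(body[:4].decode("ascii"))
        rest = body[4:14].decode("ascii")            # MMDDHHMMSS
    else:
        raise ValueError(f"unexpected tag 0x{tag:02x} for Time")
    dt = datetime.strptime(f"{year:04d}{rest}", "%Y%m%d%H%M%S")
    return dt.replace(tzinfo=timezone.utc), 2 + length


def is_conforming_encoding(der: bytes) -> bool:
    """True iff the CHOICE used matches the RFC 5280 year rule for the decoded date."""
    dt, _ = decode_time(der)
    return (der[0] == UTC_TIME) == (dt.year <= 2049)


def encode_validity(not_before: datetime, not_after: datetime) -> bytes:
    """Validity ::= SEQUENCE { notBefore Time, notAfter Time }"""
    return _tlv(SEQUENCE, encode_time(not_before) + encode_time(not_after))


def decode_validity(der: bytes) -> tuple:
    """Parse a Validity SEQUENCE; each Time may use a different CHOICE."""
    if len(der) < 2 or der[0] != SEQUENCE:
        raise ValueError("Validity must be a SEQUENCE")
    inner = der[2:2 + der[1]]
    if len(inner) != der[1]:
        raise ValueError("truncated Validity")
    not_before, used = decode_time(inner)
    not_after, used2 = decode_time(inner[used:])
    if used + used2 != len(inner):
        raise ValueError("trailing bytes in Validity")
    return not_before, not_after


# Constructed sample mirroring the thread: UTCTime notBefore, GeneralizedTime
# notAfter set to the "no well-defined expiration date" sentinel.
SAMPLE_NOT_BEFORE = datetime(2015, 9, 24, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_VALIDITY = encode_validity(SAMPLE_NOT_BEFORE, NO_WELL_DEFINED_EXPIRATION)

if __name__ == "__main__":
    print(SAMPLE_VALIDITY.hex())
    print(decode_validity(SAMPLE_VALIDITY))
```

The decoder deliberately accepts a GeneralizedTime carrying a pre-2050 date (it is unambiguous, and non-conforming CAs do emit it) but is_conforming_encoding flags it, which is the check a linter for a profile like this draft's would apply to both fields independently.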