RE: pkix part 1, draft 4: UTCTime vs GeneralizedTime dates anomaly

"Hoffman, Mort" <Mort.Hoffman@gsc.gte.com> Wed, 02 April 1997 21:54 UTC

Date: Wed, 02 Apr 1997 16:55:34 -0500
From: "Hoffman, Mort" <Mort.Hoffman@gsc.gte.com>
Subject: RE: pkix part 1, draft 4: UTCTime vs GeneralizedTime dates anomaly
To: "'ietf-pkix@tandem.com'" <ietf-pkix@tandem.com>, 'Tim Polk' <polk@csmes.ncsl.nist.gov>
Message-id: <c=US%a=_%p=GTE%l=NDHM06-970402215534Z-37380@ndhm06.ndhm.gtegsc.com>
MIME-version: 1.0
Content-type: text/plain; charset="us-ascii"
Content-transfer-encoding: 7bit

Tim,

Reading throught the spec I ran into the following anomaly:  section
4.1.2.5 specifies that dates in the year 2050 should be generated as
UTCTime, and section 4.1.2.5.1 specifies that UTCTime dates encoded with
the year set to 50 shall be interpreted as 2050.  Now, since there were
no CAs existing in the year 1950, then there should not exist any such
dates in certificates at all (OK, this could be argued with on strictly
technical grounds, but I think it is basically true).  Therefore the
anomaly in the spec should not really affect anything, but if someone
writing code to generate certificates read section 4.1.2.5.1 instead of
4.1.2.5, then he would be lead astray.

I imagine all this traces back to the discussion in the X.509 arena on
the dates, but I deleted that mail and I don't know if the anomaly
existed there.  If it didn't then the fix would be to fully align to
what was agreed in X.509.  Otherwise, I guess I'd recommend that a
UTCTime encoded with 50 should be rejected, since it could not have been
legally generated.

Mort

RE: pkix part 1, draft 4: UTCTime vs GeneralizedT… Hoffman, Mort