RE: OOPS -- Correction. RE: pkix part 1, draft 4: UTCTim
"Hoffman, Mort" <Mort.Hoffman@gsc.gte.com> Mon, 07 April 1997 15:28 UTC
Received: by suntan.tandem.com (8.6.12/suntan5.970212) for ietf-pkix-relay id IAA05131; Mon, 7 Apr 1997 08:28:57 -0700
Received: from Sonnet.GSC.GTE.Com by suntan.tandem.com (8.6.12/suntan5.970212) for <ietf-pkix@tandem.com> id IAA05118; Mon, 7 Apr 1997 08:28:55 -0700
Received: from ndhm06.ndhm.gtegsc.com ("port 2960"@ndhm06.ndhm.gtegsc.com) by Sonnet.GSC.GTE.Com (PMDF V5.0-6 #17886) id <01IHF7T1SYIG000Y0L@Sonnet.GSC.GTE.Com> for ietf-pkix@tandem.com; Mon, 07 Apr 1997 11:28:49 -0400 (EDT)
Received: by ndhm06.ndhm.gtegsc.com with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.994.63) id <01BC4346.DBAAD930@ndhm06.ndhm.gtegsc.com>; Mon, 07 Apr 1997 11:28:47 -0400
Date: Mon, 07 Apr 1997 11:28:45 -0400
From: "Hoffman, Mort" <Mort.Hoffman@gsc.gte.com>
Subject: RE: OOPS -- Correction. RE: pkix part 1, draft 4: UTCTim
To: "'ietf-pkix@tandem.com'" <ietf-pkix@tandem.com>, "'Housley, Russ'" <housley@spyrus.com>
Message-id: <c=US%a=_%p=GTE%l=NDHM06-970407152845Z-52300@ndhm06.ndhm.gtegsc.com>
MIME-version: 1.0
X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.994.63
Content-type: text/plain; charset="us-ascii"
Content-transfer-encoding: 7bit
Russ, Not quite. I agree with you on what the encoding rules say. However, in 4.1.2.5.1, for purposes of decoding UTCTime it says "Where YY is greater than 50, the year shall be itnerpreted as 19YY; and Where YY is less than or equal to 50, the year shall be interpreted as 20YY." Thus a UTCTime of 500101000000Z would be interpreted as midnight January 1, 2050, even though January 1, 2050 would be encoded in GeneralizedTime! Mort >---------- >From: Housley, Russ[SMTP:housley@spyrus.com] >Sent: Sunday, April 06, 1997 3:42 PM >To: ietf-pkix@tandem.com; Mort.Hoffman@GSC.GTE.Com; wpolk@nist.gov >Subject: Re: OOPS -- Correction. RE: pkix part 1, draft 4: UTCTim > > >Mort: > >I think the text says that dates before 2050 should be encoded at UTCTime, >and >that dates after 2049 should be encodes as GeneralizedTime. Thus, a UTCTime >of 500101000000Z should be interpreted as midnight on January 1, 1950. > >Agree? > >Russ > >>Tim, >> >>Reading throught the spec I ran into the following anomaly: section >>>4.1.2.5 >specifies that dates in the year 2050 should be generated as >GeneralizedTime >(not UTCTime), and section 4.1.2.5.1 specifies that UTCTime >dates encoded >with >>the year set to 50 shall be interpreted as 2050. Now, since there were >>no CAs existing in the year 1950, then there should not exist any such >>dates in certificates at all (OK, this could be argued with on strictly >>technical grounds, but I think it is basically true). Therefore the >>anomaly in the spec should not really affect anything, but if someone >>writing code to generate certificates read section 4.1.2.5.1 instead of >>4.1.2.5, then he would be lead astray. >> >>I imagine all this traces back to the discussion in the X.509 arena on >>the dates, but I deleted that mail and I don't know if the anomaly >>existed there. If it didn't then the fix would be to fully align to >>what was agreed in X.509. Otherwise, I guess I'd recommend that a >>UTCTime encoded with 50 should be rejected, since it could not have been >>legally generated. >> >>Mort >> >> >
- RE: OOPS -- Correction. RE: pkix part 1, draft 4:… Hoffman, Mort
- Re: OOPS -- Correction. RE: pkix part 1, draft 4:… Housley, Russ