IETF Logo Mail Archive

Re: [saag] [art] Date formats: RFC3339 vs. RFC 5322

Alan DeKok <aland@deployingradius.com> Wed, 14 April 2021 11:16 UTC

Return-Path: <aland@deployingradius.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55F403A1B6F; Wed, 14 Apr 2021 04:16:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wrWzr_N2kPDy; Wed, 14 Apr 2021 04:16:53 -0700 (PDT)
Received: from mail.networkradius.com (mail.networkradius.com [62.210.147.122]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF7A53A1B72; Wed, 14 Apr 2021 04:16:52 -0700 (PDT)
Received: from [192.168.46.152] (24-52-251-6.cable.teksavvy.com [24.52.251.6]) by mail.networkradius.com (Postfix) with ESMTPSA id DCAAE262; Wed, 14 Apr 2021 11:16:49 +0000 (UTC)
Authentication-Results: NetworkRADIUS; dmarc=none (p=none dis=none) header.from=deployingradius.com
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.4\))
From: Alan DeKok <aland@deployingradius.com>
In-Reply-To: <5F841FEF-7985-424B-A925-336AC3265D8F@manchester.ac.uk>
Date: Wed, 14 Apr 2021 07:16:48 -0400
Cc: Nico Williams <nico@cryptonector.com>, "Eliot Lear (elear)" <elear=40cisco.com@dmarc.ietf.org>, "art@ietf.org" <art@ietf.org>, "saag@ietf.org" <saag@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <3E679B11-0D23-4746-9938-D6532276690F@deployingradius.com>
References: <CAAyEnSMBdXCA0EvgR79P_1gi15pAPfeyu_HgGqgMjWxRP8sxKg@mail.gmail.com> <C7B5DB45-F0A1-491C-AD4E-91F67C8C182E@cisco.com> <20210413191937.GK9612@localhost> <adf764ae-cb85-5063-0071-cc1461b11f1f@dcrocker.net> <5F841FEF-7985-424B-A925-336AC3265D8F@manchester.ac.uk>
To: Stian Soiland-Reyes <soiland-reyes@manchester.ac.uk>
X-Mailer: Apple Mail (2.3608.120.23.2.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/dUgYvAU-antiokchvCtZGLfgvVw>
Subject: Re: [saag] [art] Date formats: RFC3339 vs. RFC 5322
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Apr 2021 11:16:58 -0000

On Apr 14, 2021, at 5:00 AM, Stian Soiland-Reyes <soiland-reyes@manchester.ac.uk> wrote:
> 
> I would say for this particular example of security logs you should use ISO8601 (aka RFC3339), as it is more important when it happened/expires internationally rather than what timezone it happened in. 
> 
> In that case it should also be UTC-based or have an explicit timezone, e.g. considering "Zero day" - which day?

  Add to that the problem that time zones change over time.  That information can be lost, or unknown to later consumers of the data.

  What we've learned in the AAA environment (ISP / Telco) is that there are two reasonable choices for dates:

1) whatever you use locally, because it will never go off-system, and no one else will ever see it

2) RFC 3339

  Alan DeKok.

v2.23.0 | Report a Bug | By Email