[sidr] How are thisUpdate and nextUpdate supposed to be formatted?
Alberto Leiva <ydahhrk@gmail.com> Tue, 05 March 2019 22:33 UTC
Hello.

I'm having a bit of trouble implementing RFC 6486 (RPKI Manifests).

In section 4.2, 6486 defines thisUpdate and nextUpdate as GeneralizedTimes:

    Manifest ::= SEQUENCE {
        (...)
        thisUpdate GeneralizedTime,
        nextUpdate GeneralizedTime,
        (...)
    }

(https://tools.ietf.org/html/rfc6486#section-4.2)

During section 4.2.1, it further states the following:

    thisUpdate: This field contains the time when the manifest was
    created. This field has the same format constraints as specified
    in [RFC5280] for the CRL field of the same name.

Problem: RFC 5280 (https://tools.ietf.org/html/rfc5280#section-5.1) defines both CRL fields as Times, not as GeneralizedTimes.

    Time ::= CHOICE {
        utcTime UTCTime,
        generalTime GeneralizedTime
    }

    (...)

    TBSCertList ::= SEQUENCE {
        (...)
        thisUpdate Time,
        nextUpdate Time OPTIONAL,
        (...)
    }

Further, 5280 states that the usage choice is not arbitrary, but rather, depends on the value that's being conveyed:

    CRL issuers conforming to this profile MUST encode thisUpdate as
    UTCTime for dates through the year 2049. CRL issuers conforming to
    this profile MUST encode thisUpdate as GeneralizedTime for dates in
    the year 2050 or later. Conforming applications MUST be able to
    process dates that are encoded in either UTCTime or GeneralizedTime.

What I find really strange is that 5280 has rather little to say about thisUpdate in particular, aside from its apparent contradiction to 6486.

So when 6486 does little more than reference 5280... what am I supposed to implement?

Thanks in advance,
Alberto
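The two readings contrasted in the message above, as an added example that is not part of the original post or of any RPKI validator: it decodes a DER time element, then reports whether it fits the RFC 6486 Manifest ASN.1 (GeneralizedTime only) and whether it fits the RFC 5280 CRL issuer rule quoted above. The function names and sample encodings are constructed for illustration, and the string formats assumed are those of RFC 5280 section 4.1.2.5 (Zulu, seconds present, no fractional seconds).

```python
from datetime import datetime, timezone

TAG_UTCTIME = 0x17          # ASN.1 universal tag 23
TAG_GENERALIZEDTIME = 0x18  # ASN.1 universal tag 24


def parse_der_time(der: bytes):
    """Decode one DER-encoded time TLV into (kind, aware UTC datetime).

    Accepts only the RFC 5280 section 4.1.2.5 forms: YYMMDDHHMMSSZ for
    UTCTime and YYYYMMDDHHMMSSZ for GeneralizedTime (seconds present,
    no fractional seconds, Zulu only). Anything else raises ValueError.
    """
    if len(der) < 2 or der[1] >= 0x80 or len(der) != 2 + der[1]:
        raise ValueError("expected exactly one short-form DER TLV")
    tag, text = der[0], der[2:].decode("ascii")
    if tag == TAG_UTCTIME:
        kind, size = "UTCTime", 13
    elif tag == TAG_GENERALIZEDTIME:
        kind, size = "GeneralizedTime", 15
    else:
        raise ValueError(f"tag 0x{tag:02x} is not a time type")
    if len(text) != size or not text[:-1].isdigit() or text[-1] != "Z":
        raise ValueError(f"malformed {kind}: {text!r}")
    if kind == "UTCTime":
        # RFC 5280 pivot: YY >= 50 means 19YY, YY < 50 means 20YY.
        century = "19" if int(text[:2]) >= 50 else "20"
        text = century + text
    when = datetime.strptime(text, "%Y%m%d%H%M%SZ")
    return kind, when.replace(tzinfo=timezone.utc)


def classify(der: bytes):
    """Return (kind, fits_rfc6486_asn1, fits_rfc5280_crl_rule)."""
    kind, when = parse_der_time(der)
    fits_6486 = kind == "GeneralizedTime"  # Manifest ASN.1 allows only this
    expected = "UTCTime" if when.year <= 2049 else "GeneralizedTime"
    return kind, fits_6486, kind == expected


# Constructed sample encodings of 2019-03-05 22:33:00 UTC and 2050-01-01.
GT_2019 = b"\x18\x0f20190305223300Z"
UT_2019 = b"\x17\x0d190305223300Z"
GT_2050 = b"\x18\x0f20500101000000Z"

if __name__ == "__main__":
    for sample in (GT_2019, UT_2019, GT_2050):
        print(sample[2:].decode(), classify(sample))
```

For a 2019 timestamp the two checks disagree whichever tag is used, which is the conflict the message describes; they only agree from 2050 onward.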
