Bug#610806: validity timestamp formats: utcTime vs. generalizedTime, TZ embedded vs. not?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Jan 24 04:23:43 UTC 2011
hi ssl observatory folks--
has anyone run any analysis on the X.509 certs in the observatory that
indicates whether the validity timestamps are properly encoded?
constrains the acceptable form of emitted timstamp formats:
They must be utcTime before 2050, generalizedTime after.
And they must indicate their timezones in UTC (a "Z" suffix).
I was curious how many certificates don't meet either of these
requirements in the wild.
PS this is related to http://bugs.debian.org/610806, which is about the
behavior of GnuTLS in regard to times that don't meet the constraints
laid down in RFC 5280.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1030 bytes
Desc: OpenPGP digital signature
More information about the Pkg-gnutls-maint