Bug#610806: validity timestamp formats: utcTime vs. generalizedTime, TZ embedded vs. not?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Jan 24 04:23:43 UTC 2011

hi ssl observatory folks--

has anyone run any analysis on the X.509 certs in the observatory that
indicates whether the validity timestamps are properly encoded?


constrains the acceptable form of emitted timstamp formats:

They must be utcTime before 2050, generalizedTime after.

And they must indicate their timezones in UTC (a "Z" suffix).

I was curious how many certificates don't meet either of these
requirements in the wild.


PS this is related to http://bugs.debian.org/610806, which is about the
behavior of GnuTLS in regard to times that don't meet the constraints
laid down in RFC 5280.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/attachments/20110123/3549c6f4/attachment.pgp>

More information about the Pkg-gnutls-maint mailing list