Bug#610806: validity timestamp formats: utcTime vs. generalizedTime, TZ embedded vs. not?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Jan 24 04:23:43 UTC 2011
hi ssl observatory folks--
has anyone run any analysis on the X.509 certs in the observatory that
indicates whether the validity timestamps are properly encoded?
https://tools.ietf.org/html/rfc5280#section-4.1.2.5
constrains the acceptable form of emitted timstamp formats:
They must be utcTime before 2050, generalizedTime after.
And they must indicate their timezones in UTC (a "Z" suffix).
I was curious how many certificates don't meet either of these
requirements in the wild.
--dkg
PS this is related to http://bugs.debian.org/610806, which is about the
behavior of GnuTLS in regard to times that don't meet the constraints
laid down in RFC 5280.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/attachments/20110123/3549c6f4/attachment.pgp>
More information about the Pkg-gnutls-maint
mailing list