OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti] Motion to open a ballot on the STIX timestamp format

Bret Jordan (CS) wrote this message on Thu, Dec 08, 2016 at 17:39 +0000:
> So I have been talking with Jason offline to address my concerns.   The question I have is given these two levels of subsecond precision, how far in the future will a float64 hold values before it truncates?
> 
> 
> 1) microseconds
> 
> 2) picoseconds
> 
> 
> A follow-on question is will it always truncate the subseconds first?
> 
> 
> The problem I was worried about is:
> 
> 1) I get a STIX object with a timestamp down to picoseconds or greater.
> 
> 2) I parse that JSON object so I can order the fields in a certain order so I can compute the digital signature.
> 
> 3) Since this is a JSON number format and not a JSON string, I will need to probably store this in a "float64" in my struct.

Except that as Trey and others pointed out, the current timestamp format
is a string, not a number, so this does not apply.

Yes, the current proposal is to use a number, but that was not what you
were replying to.

> 4) So with picoseconds, at what point will that timestamp get truncated?  Because if they get truncated, then the digital signature I generate will not match the one you send.
> 
> 
> Bret
> 
> 
> 
> ________________________________
> From: Trey Darley <trey@kingfisherops.com>
> Sent: Thursday, December 8, 2016 5:37 AM
> To: John-Mark Gurney
> Cc: Bret Jordan (CS); Wunder, John A.; cti@lists.oasis-open.org
> Subject: Re: [cti] Motion to open a ballot on the STIX timestamp format
> 
> On 07.12.2016 16:50:52, John-Mark Gurney wrote:
> > Bret Jordan (CS) wrote this message on Wed, Dec 07, 2016 at 18:57 +0000:
> > > Based on this discussion, and information we have learned from it,
> > > if we keep our current timestamps then we need to add some bounds
                     ^^^^^^^^^^^^^^^^^^
> > > checking to the number of sub-second digits so as to not break
> > > digital signatures.
> >
> > Can you explain more about this? As timestamps are a text field, I
> > do not see how this can break digital signatures.
> >
> 
> Bret -
> 
> Echoing John-Mark and Jason's questions, I also cannot see the impact
> on digital signatures. Could you please provide additional background
> to help us understand your concerns?

-- 
John-Mark

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]