[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [security-services] Minuets of Discussion at 12 noon, Februar y 1
If we are to get really ansy about this 61 is actually a valid value for seconds. Leap seconds are introduced about once a decade or so. The problem with the X.509 approach is that you can actually end up with a hole in the cert coverage over the leap second. That is not a biggie in the X.509 framework since you then don't trust the cert for a second. However that type of thing could be a major problem with an attribute assertion which might well have blocking semantics so a DoS would be significant. Phill Phillip Hallam-Baker FBCS C.Eng. Principal Scientist VeriSign Inc. pbaker@verisign.com 781 245 6996 x227 > -----Original Message----- > From: Stephen Farrell [mailto:stephen.farrell@baltimore.ie] > Sent: Monday, February 04, 2002 7:33 AM > To: Mishra, Prateek > Cc: 'security-services@lists.oasis-open.org'; 'joe_pato@hp.com' > Subject: Re: [security-services] Minuets of Discussion at 12 noon, > February 1 > > > > Folks, > > Notes from Friday's call look good. > > > (4) Time Issue: > > Just FYI for whoever's writing up the relevant text, here's [1] > a useful internet draft, with some background and describing > some of the relevant issues. Probably not something we want to > reference at this stage (its up for IESG review, so some months > from being an rfc probably). > > Note that saying "add one second" (if we do) could be error > prone, though in reality probably only in the presence of an > attack, since according to this draft you could get a value > of "61" that way;-) > > Stephen. > > [1] > http://www.ietf.org/internet-drafts/draft-ietf-impp-datetime-05.txt > > > -- > ____________________________________________________________ > Stephen Farrell > Baltimore Technologies, tel: (direct line) +353 1 881 6716 > 39 Parkgate Street, fax: +353 1 881 7000 > Dublin 8. mailto:stephen.farrell@baltimore.ie > Ireland http://www.baltimore.com > > ---------------------------------------------------------------- > To subscribe or unsubscribe from this elist use the subscription > manager: <http://lists.oasis-open.org/ob/adm.pl> >
Phillip Hallam-Baker (E-mail).vcf
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC