OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [security-services] Minuets of Discussion at 12 noon, Februar y 1


If we are to get really ansy about this 61 is actually a valid value for
seconds. Leap seconds are introduced about once a decade or so.

The problem with the X.509 approach is that you can actually end up with
a hole in the cert coverage over the leap second. That is not a biggie
in the X.509 framework since you then don't trust the cert for a second.

However that type of thing could be a major problem with an attribute
assertion which might well have blocking semantics so a DoS would be
significant.

		Phill



Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227


> -----Original Message-----
> From: Stephen Farrell [mailto:stephen.farrell@baltimore.ie]
> Sent: Monday, February 04, 2002 7:33 AM
> To: Mishra, Prateek
> Cc: 'security-services@lists.oasis-open.org'; 'joe_pato@hp.com'
> Subject: Re: [security-services] Minuets of Discussion at 12 noon,
> February 1
> 
> 
> 
> Folks,
> 
> Notes from Friday's call look good.
> 
> >   (4) Time Issue:
> 
> Just FYI for whoever's writing up the relevant text, here's [1] 
> a useful internet draft, with some background and describing
> some of the relevant issues. Probably not something we want to
> reference at this stage (its up for IESG review, so some months
> from being an rfc probably).
> 
> Note that saying "add one second" (if we do) could be error
> prone, though in reality probably only in the presence of an
> attack, since according to this draft you could get a value
> of "61" that way;-)
> 
> Stephen.
> 
> [1] 
> http://www.ietf.org/internet-drafts/draft-ietf-impp-datetime-05.txt
> 
> 
> -- 
> ____________________________________________________________
> Stephen Farrell         				   
> Baltimore Technologies,   tel: (direct line) +353 1 881 6716
> 39 Parkgate Street,                     fax: +353 1 881 7000
> Dublin 8.                mailto:stephen.farrell@baltimore.ie
> Ireland                             http://www.baltimore.com
> 
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>
>

Phillip Hallam-Baker (E-mail).vcf

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC