Re[2]: X.509 validity period
i believe we should get away from two-digit years. we had a discussion in
previous directory defect meetings and proposed doing a wrap around also. this
is an acceptable bandage but we should fix the problem.
to handle backward compatibility we could define additional extensions that
duplicate the extensions that use utc time but replace the utc time with
generalizedtime. we could allow the extensions to co-exist for a period but
after that period deprecate the use of the earlier extensions. if we don't
change the semantics of the earlier extension, we could accomplish this by
defect.
note that the rules of extensibility should allow extension to a choice (adding
to a choice or creating a choice) only if the original field was optional.
for those who think that x.509 might not affect things in 2099, i offer the
following story (those of you who are too busy or too serious should ignore the
rest of this message)
(i don't know the author of this story)
The US Standard railroad gauge (distance between the rails) is 4 feet, 8.5
inches. That's an exceedingly odd number. Why was that gauge used? Because
that's the way they built them in England, and the US railroads were built by
English expatriates.
Why did the English people build them like that? Because the first rail lines
were built by the same people who built the pre-railroad tramways, and that's
the gauge they used.
Why did "they" use that gauge then? Because the people who built the tramways
used the same jigs and tools that they used for building wagons, which used that
wheel spacing.
Okay! Why did the wagons use that odd wheel spacing? Well, if they tried to use
any other spacing the wagons would break on some of the old, long distance
roads, because that's the spacing of the old wheel ruts.
So who built these old rutted roads? The first long distance roads in Europe
were built by Imperial Rome for the benefit of their legions. The roads have
been used ever since. And the ruts? The initial ruts, which everyone else had to
match for fear of destroying their wagons, were first made by Roman war
chariots. Since the chariots were made for or by Imperial Rome they were all
alike in the matter of wheel spacing.
Thus, we have the answer to the original questions. The United States standard
railroad gauge of 4 feet, 8.5 inches derives from the original specification
(Military Spec) for an Imperial Roman army war chariot. MilSpecs and
Bureaucracies live forever.
So, the next time you are handed a specification and wonder what horse's ass
came up with it, you may be exactly right. Because the Imperial Roman chariots
were made to be just wide enough to accommodate the back-ends of two war horses.
hoyt
_______________________________________________________________________________
Subject: RE: X.509 validity period
From: "Miklos, Sue A." <samiklo@missi.ncsc.mil> at AZ05-SMTP
Date: 10/3/96 12:31
I have had similar requirements proposed and would like to discuss the
possibility of adding the ability of CHOICE to the certificate time formats
(UTC or GenTime). I did briefly mention this to Warwick when I last saw him
and he expressed concern over backwards compatibility. I'd be happy to
bring this up at the ISO editing meeting the end of this month if we can get
some consensus...
Sandi
----------
From: pki-twg-request
To: OSIdirectory; pki-twg; ietf-pkix; Warwick Ford
Subject: X.509 validity period
Date: Wednesday, October 02, 1996 10:21AM
Talking about X.509 defects (as in Warwick's recent message), I have
come across a more fundamental issue on which I would
like to get views.
I have a client who requires to be able to hold signed documents and
their certificates in a long term archive.
This necessitates the validity period of the certificates to be
potentially longer than 50 years. The current validity period is
encoded in UTCTime which has a 2 digit year, which has to be adjusted
to cater for the century roll over giving a resolution of only 50
years.
Ideally, the validity period should be encoded in generalised
time. Has anyone else identified similar concerns?
Nick Pope
-------------------------------------
Security & Standards
Suite A
191 Moulsham St.
Chelmsford
Essex
CM2 0LG
U.K.
Tel: +44 1245 495018
Fax: +44 1245 494517
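
The problem raised in the original message (a two-digit UTCTime year that has to be wrapped at the century) and the CHOICE of UTCTime or GeneralizedTime discussed in the replies, as an added Python example that is not part of any of the messages. The pivot of 50 and the resulting 1950-2049 UTCTime window follow the rule later written into RFC 5280 and are an assumption here, as are the function names and the constructed 60-year archive dates.

```python
from datetime import datetime, timezone

PIVOT = 50  # assumption (RFC 5280 rule, not stated in the thread): YY >= 50 -> 19YY, else 20YY

def encode_utctime(dt):
    """Encode as UTCTime (YYMMDDHHMMSSZ); the century is dropped."""
    return dt.strftime("%y%m%d%H%M%SZ")

def parse_utctime(s):
    """Decode UTCTime, restoring the century with the wrap-around rule."""
    if len(s) != 13 or s[-1] != "Z" or not s[:12].isdigit():
        raise ValueError("expected YYMMDDHHMMSSZ")
    yy = int(s[:2])
    year = (1900 if yy >= PIVOT else 2000) + yy
    return datetime(year, int(s[2:4]), int(s[4:6]), int(s[6:8]),
                    int(s[8:10]), int(s[10:12]), tzinfo=timezone.utc)

def encode_validity_time(dt):
    """CHOICE: UTCTime inside the wrap-around window, GeneralizedTime outside it."""
    if 1900 + PIVOT <= dt.year < 2000 + PIVOT:
        return ("UTCTime", encode_utctime(dt))
    return ("GeneralizedTime", dt.strftime("%Y%m%d%H%M%SZ"))

def parse_validity_time(kind, s):
    """Decode either alternative of the CHOICE back to a UTC datetime."""
    if kind == "UTCTime":
        return parse_utctime(s)
    if kind != "GeneralizedTime" or len(s) != 15 or s[-1] != "Z":
        raise ValueError("expected GeneralizedTime YYYYMMDDHHMMSSZ")
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def period_survives(not_before, not_after, encode, parse):
    """True if the validity period is unchanged and still ordered after a round trip."""
    nb, na = parse(encode(not_before)), parse(encode(not_after))
    return nb == not_before and na == not_after and nb < na

# Constructed sample: a long-term archive certificate valid for 60 years.
NOT_BEFORE = datetime(1996, 10, 2, 10, 21, 0, tzinfo=timezone.utc)
NOT_AFTER = datetime(2056, 10, 2, 10, 21, 0, tzinfo=timezone.utc)

def demo():
    utc_only = period_survives(NOT_BEFORE, NOT_AFTER, encode_utctime, parse_utctime)
    with_choice = period_survives(NOT_BEFORE, NOT_AFTER, encode_validity_time,
                                  lambda enc: parse_validity_time(*enc))
    return utc_only, with_choice, parse_utctime(encode_utctime(NOT_AFTER)).year

if __name__ == "__main__":
    print(demo())
```

With UTCTime alone the notAfter date decodes to 1956, before notBefore, so a verifier would treat the archived certificate as already expired.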