Re: validity dates in latest draft-ietf-pkix-ipki-part1-03
Anil:
The CHOICE proposal has been submitted to the ISO/ITU-T folks working on
Directory standards. We see no reason why the change to the syntax will
not be accepted. If it is not accepted, a paragraph pointing out the
difference will be added to the profile.
At the PKIX Working Group meeting in San Jose, several people raised
concerns about the "sliding window" approach. It was agreed to change this
portion of the profile. It was agreed that dates with years before 2051
will be encoded as UTCTime, and dates with years after 2050 will be encoded
as GeneralizedTime. Thus, there will be only one way to encode any
particular date.
Russ
______________________________ Reply Separator _________________________________
Subject: validity dates in latest draft-ietf-pkix-ipki-part1-03.txt
Author: gangolli@netscape.com
Date: 12/25/96 3:12 AM
The document presents the proposed validity date
CHOICE UTCTime/GeneralizedTime as if it were part of
the X.509 v3 definition.
Did this in fact make it into the latest X.509 v3 Amendments?
If this is in fact not in the X.509 v3 spec, the document needs
to call this out as an IETF/IPKI difference.
In addition, the following should be noted:
- Between 2005 and 2015 one cannot obtain a DER encoding by knowing
the (abstract) time values alone. (Two choices are possible.) This
breaks DER principles (though most current usage does not rely on this
stringent value-implies-encoding property). You need to have a
single changeover date if you want to preserve this property.
- The section on GeneralizedTime should be numbered 4.1.2.5.2.
(There are two sections currently numbered 4.1.2.6)
-anil.
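
The single-changeover rule from the reply at the top of this thread (UTCTime for years before 2051, GeneralizedTime for years after 2050), as an added example that is not part of the thread or the draft. The function names, the 1951 lower bound of the two-digit-year window, and the fixed "Z" form with seconds are assumptions made for the example.

```python
from datetime import datetime, timezone

UTC_TIME, GENERALIZED_TIME = 0x17, 0x18  # ASN.1 universal tag numbers
LAST_UTCTIME_YEAR = 2050    # changeover stated in the message above
FIRST_UTCTIME_YEAR = 1951   # assumption: two-digit years span 1951-2050


def encode_validity_time(dt: datetime) -> bytes:
    """DER-encode a validity date; the year alone selects the ASN.1 type."""
    dt = dt.astimezone(timezone.utc)
    if dt.year < FIRST_UTCTIME_YEAR:
        raise ValueError("year is outside the assumed two-digit window")
    if dt.year <= LAST_UTCTIME_YEAR:
        tag, text = UTC_TIME, dt.strftime("%y%m%d%H%M%SZ")
    else:
        tag, text = GENERALIZED_TIME, dt.strftime("%Y%m%d%H%M%SZ")
    body = text.encode("ascii")
    return bytes([tag, len(body)]) + body  # short-form length: 13 or 15


def decode_validity_time(der: bytes) -> datetime:
    """Decode, rejecting the type the rule does not allow for that year."""
    if len(der) < 2 or der[1] != len(der) - 2:
        raise ValueError("length octet does not match content")
    tag, text = der[0], der[2:].decode("ascii")
    if not text[:-1].isdigit() or text[-1] != "Z":
        raise ValueError("expected digits followed by Z")
    if tag == UTC_TIME and len(text) == 13:
        yy = int(text[:2])
        year = (2000 if yy <= LAST_UTCTIME_YEAR % 100 else 1900) + yy
        rest = text[2:]
    elif tag == GENERALIZED_TIME and len(text) == 15:
        year, rest = int(text[:4]), text[4:]
        if year <= LAST_UTCTIME_YEAR:
            raise ValueError("GeneralizedTime used for a year before 2051")
    else:
        raise ValueError("not a UTCTime or GeneralizedTime value")
    parsed = datetime.strptime(f"{year:04d}{rest}", "%Y%m%d%H%M%SZ")
    return parsed.replace(tzinfo=timezone.utc)


if __name__ == "__main__":
    # Constructed sample dates on either side of the changeover.
    for sample in (datetime(2050, 12, 31, 23, 59, 59, tzinfo=timezone.utc),
                   datetime(2051, 1, 1, tzinfo=timezone.utc)):
        print(sample.isoformat(), encode_validity_time(sample).hex())
```

Rejecting a GeneralizedTime value for a year that the rule assigns to UTCTime is what keeps the value-implies-encoding property raised in the original question.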