Re: signatures vs sf-date

On Fri, Dec 02, 2022 at 02:25:32PM +0000, Justin Richer wrote:
> It could, but I don’t think it’s worth delaying signatures over. There
> are two timestamp fields (created and expires) with clear semantics,

- If signature is created during (positive) leap second, then the
  previous second is written as creation time[1], right?

- The expires is exclusive endpoint[2] (e.g., expiry at 2400Z is
  marked as expiry on 0000Z the next day), right? 

[1] All the APIs that give unix timestamps I have seen work this way.
However, adjtimex() (it does not just set the clock, it can get the
clock as well) return value can be used to correct the clock.

[2] One would think that expiry times are always exclusive, but X.509
has inclusive expiry time (e.g., expiry at 2400Z is marked as expiry
on 235959Z the same day).


Received on Friday, 2 December 2022 15:01:44 UTC