RE: Brown draft feedback on time stamping and on criticality flags

"John Boyer" <jboyer@uwi.com> on 07/28/99 02:59:16 PM

To:   Tom Gindin/Watson/IBM@IBMUS
cc:   "DSig Group" <w3c-ietf-xmldsig@w3.org>
Subject:  RE: Brown draft feedback on time stamping and on criticality flags





Hi Tom,

Thanks.  I got the parts about UTC from the Brown draft, which includes an
example.
My question actually was, when one says -0500, for example, is that Eastern
Standard Time or Central Daylight Time?  Given that many time zones contain
regions that don't observe daylight savings time (scourge that it is), it
seems prudent to include this information since calculations made at a later
time by a verifier will not be sufficient if based on date calculations
only.

[Tom Gindin]   I don't understand why it matters whether one considers 7:30 PM
local time in the summer in Indiana as EST (Indianapolis) or CDT (Gary).  The
date calculation will work the same way in either case.

As for the DER requiring GMT, it seems interesting that the designers of DER
did not account for this. It still seems necessary to have the daylight
savings time setting in effect when the user signed in order to properly
figure out the local time (and hence possibly the local date) of when the
signer effected the signature.

[Tom Gindin]   Frankly, I think they just wanted to specify the actual time in
these attributes.  The locality would, if relevant, be a separate attribute.
So, should there be a field called SigningLocation to display this?  Such a
field would contain the Country (mandatory), StateOrProvince (optional),
Locality (optional), Street Address (optional) and Time Zone (optional).

John Boyer
Software Development Manager
UWI.Com -- The Internet Forms Company

-----Original Message-----
From: w3c-ietf-xmldsig-request@w3.org
[mailto:w3c-ietf-xmldsig-request@w3.org]On Behalf Of tgindin@us.ibm.com
Sent: Wednesday, July 28, 1999 11:31 AM
To: John Boyer
Cc: Richard Brown; DSig Group
Subject: Re: Brown draft feedback on time stamping and on criticality
flags




"John Boyer" <jboyer@uwi.com> on 07/28/99 02:02:30 PM

To:   "Richard Brown" <rdbrown@globeset.com>
cc:   "DSig Group" <w3c-ietf-xmldsig@w3.org>
Subject:  Brown draft feedback on time stamping and on criticality flags





I have a copy of the Brown Draft dated 18 June 1999, which I hope is pretty
much the latest.

It seems to be always easy to find whatever I'm looking for in this draft!

Regarding criticality flags in the attributes, I seem to recall there being
a fair bit of aversion at and around the initial workshop on whether we
should have criticality flags.  The persons who expressed this opinion
seemed to have a great deal of experience with prior security protocols.
What were the problems, and have they been overcome?  Since the criticality
flags are either still included or have returned (I don't know which), I
assume there was a resolution.  What was it?

Regarding time/date stamping, it follows some ISO standard I don't have
(URL?), but that standard doesn't seem to include information on whether or
not the signer uses daylight savings time.  (Not that the verifier should
trust signer time settings).  Perhaps UTC time is different from GMT, but
whenever we go on daylight savings time here on the Pacific Coast, our
offset changes from 0800 to 0700 relative to GMT.  Does the same thing
happen with UTC?  If so, it could make things a fair bit easier for
programmers (very many of whom don't know about this little hiccup) to
produce the correct local time.

[Tom Gindin]   The ASN.1 UTC and GeneralizedTime formats both include a time
zone indicator: Z for GMT, +hhmm for east of GMT, -hhmm for west of GMT
(-0700
for Pacific Daylight Time and -0800 for PST, for example).  However, the DER
encoding requires that you use GMT specifically.

Thanks,
John Boyer
Software Development Manager
UWI.Com -- The Internet Forms Company

Received on Wednesday, 28 July 1999 16:40:11 UTC