Local time from John Boyer on 1999-07-28 (w3c-ietf-xmldsig@w3.org from July to September 1999)

From: John Boyer <jboyer@uwi.com>
Date: Wed, 28 Jul 1999 13:41:03 -0700
To: <tgindin@us.ibm.com>
Cc: "DSig Group" <w3c-ietf-xmldsig@w3.org>
Message-ID: <NDBBLAOMJKOFPMBCHJOIKEGOCAAA.jboyer@uwi.com>

West is negative.  Right!  OK.  So what you're saying is that it is the
local time/date recorded, with the -0700 being the adjustment to get back to
GMT.  Yes, that will do for the XML spec.

Still, that leaves the DER problem?  Without the local time, it seems like
those time stamps are problematic.  Is there something as obvious as above
that I'm missing here too?

John Boyer
Software Development Manager
UWI.Com -- The Internet Forms Company


-----Original Message-----
From: w3c-ietf-xmldsig-request@w3.org
[mailto:w3c-ietf-xmldsig-request@w3.org]On Behalf Of tgindin@us.ibm.com
Sent: Wednesday, July 28, 1999 11:31 AM
To: John Boyer
Cc: Richard Brown; DSig Group
Subject: Re: Brown draft feedback on time stamping and on criticality
flags




"John Boyer" <jboyer@uwi.com> on 07/28/99 02:02:30 PM

To:   "Richard Brown" <rdbrown@globeset.com>
cc:   "DSig Group" <w3c-ietf-xmldsig@w3.org>
Subject:  Brown draft feedback on time stamping and on criticality flags





I have a copy of the Brown Draft dated 18 June 1999, which I hope is pretty
much the latest.

It seems to be always easy to find whatever I'm looking for in this draft!

Regarding criticality flags in the attributes, I seem to recall there being
a fair bit of aversion at and around the initial workshop on whether we
should have criticality flags.  The persons who expressed this opinion
seemed to have a great deal of experience with prior security protocols.
What were the problems, and have they been overcome?  Since the criticality
flags are either still included or have returned (I don't know which), I
assume there was a resolution.  What was it?

Regarding time/date stamping, it follows some ISO standard I don't have
(URL?), but that standard doesn't seem to include information on whether or
not the signer uses daylight savings time.  (Not that the verifier should
trust signer time settings).  Perhaps UTC time is different from GMT, but
whenever we go on daylight savings time here on the Pacific Coast, our
offset changes from 0800 to 0700 relative to GMT.  Does the same thing
happen with UTC?  If so, it could make things a fair bit easier for
programmers (very many of whom don't know about this little hiccup) to
produce the correct local time.

[Tom Gindin]   The ASN.1 UTC and GeneralizedTime formats both include a time
zone indicator: Z for GMT, +hhmm for east of GMT, -hhmm for west of GMT
(-0700
for Pacific Daylight Time and -0800 for PST, for example).  However, the DER
encoding requires that you use GMT specifically.

Thanks,
John Boyer
Software Development Manager
UWI.Com -- The Internet Forms Company

Received on Wednesday, 28 July 1999 16:55:55 UTC