ietf-822
[Top] [All Lists]

SMTP implementations omitting Seconds in the Received time-stamp

2004-03-29 17:50:57

I'm a member of the ASRG's Filtering sub-group, and we are considering implementing a header that references the timestamp recorded in the Received headers of a message. We want to use knowledge of the exact value of this timestamp to authenticate that a filtering header was added after a particular Received header. However, it has come to our attention that RFC2822 permits the omission of seconds from this timestamp [1]. This presents a slight, but not discountable, forgery risk.

Therefore, I'd like to ask if anyone here knows of any SMTP server implementation that does not include seconds in the trace field. Please forward this to any other person or list who would be (more?) qualified to answer. I will collect and report any affirmative responses here and in the filtering group.

Thank you for your time.

Sincerely,
Philip Miller

[1] http://asg.web.cmu.edu/rfc/rfc2822.html#sec-3.3
The relevant BNF line is:
time-of-day = hour ":" minute [ ":" second ]


<Prev in Thread] Current Thread [Next in Thread>
  • SMTP implementations omitting Seconds in the Received time-stamp, Philip Miller <=