I am in the process of adding PKCS#9 attributes that are needed for secure
e-mail to the CMS document. In the process, I fixed the syntax. Here is
what I did:

10.3 Signing Time

The signing-time attribute type specifies the time at which the signer
(purportedly) performed the signing process. The signing-time attribute
type is intended for use in signed-data.

The signing-time attribute is identified by the following object identifier:

    id-signingTime OBJECT IDENTIFIER ::= { iso(1) member-body(2)
        us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5 }

Signing-time attribute values have ASN.1 type SigningTime:

    SigningTime ::= CHOICE {
        utcTime UTCTime,
        generalTime GeneralizedTime }

Dates through the year 2049 must be encoded as UTCTime, and dates in the
year 2050 or later must be encoded as GeneralizedTime.

A signing-time attribute must have a single attribute value.

No requirement is imposed concerning the correctness of the signing time,
and acceptance of a purported signing time is a matter of a recipient's
discretion. It is expected, however, that some signers, such as time-stamp
servers, will be trusted implicitly.

Russ

At 05:42 AM 12/1/97 PST, Scott Hollenbeck wrote:

In section 2.5.1 of the S/MIME v3 Message Specification, it states
that "Sending agents MUST encode signing time through the year 2049
as UTCTime; signing times in 2050 or later MUST be encoded as
GeneralizedTime". However, the current PKCS #9 syntax for the
signingTime attribute doesn't support a choice:

    SigningTime ::= UTCTime

If an updated definition is available somewhere, where is it?
The document doesn't include a reference for attribute definitions.
If an updated definition hasn't been proposed, how about this:

    SigningTime ::= CHOICE {
        utcTime UTCTime, -- for years 2049 and earlier
        generalizedTime GeneralizedTime -- for years 2050 and later -- }

----->
Scott Hollenbeck (mailto: hollenbe(_at_)east(_dot_)xsis(_dot_)xerox(_dot_)com)
Xerox Special Information Systems
Arlington, Virginia, USA
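
The encoding rule from the section 10.3 text above, as an added Python example that is not part of either message or of any specification. The two-digit-year pivot (50-99 read as 19YY, 00-49 as 20YY), the DER form with seconds and a trailing Z, and the function names are assumptions not stated in the thread; the decoder's rejection of a GeneralizedTime dated 2049 or earlier is a strict reading of the rule.

```python
from datetime import datetime, timezone

UTC_TIME, GENERALIZED_TIME = 0x17, 0x18  # universal tags 23 and 24

def encode_signing_time(dt: datetime) -> bytes:
    """DER-encode a SigningTime, picking the CHOICE arm from the UTC year."""
    if dt.tzinfo is None:
        raise ValueError("signing time must be timezone-aware")
    dt = dt.astimezone(timezone.utc)  # the year is judged in UTC, not local time
    if dt.year < 1950:
        raise ValueError("outside the assumed UTCTime window (1950-2049)")
    if dt.year <= 2049:
        tag, text = UTC_TIME, dt.strftime("%y%m%d%H%M%SZ")
    else:
        tag, text = GENERALIZED_TIME, dt.strftime("%Y%m%d%H%M%SZ")
    return bytes([tag, len(text)]) + text.encode("ascii")  # short-form length

def decode_signing_time(der: bytes) -> datetime:
    """Parse a SigningTime; reject encodings that use the wrong CHOICE arm."""
    if len(der) < 2 or der[1] != len(der) - 2:
        raise ValueError("length octet does not match content")
    tag, text = der[0], der[2:].decode("ascii")
    if not (text.endswith("Z") and text[:-1].isdigit()):
        raise ValueError("expected digits followed by Z")
    if tag == UTC_TIME and len(text) == 13:
        yy = int(text[:2])
        year = 1900 + yy if yy >= 50 else 2000 + yy  # assumed pivot
        rest = text[2:]
    elif tag == GENERALIZED_TIME and len(text) == 15:
        year = int(text[:4])
        if year <= 2049:
            raise ValueError("dates through 2049 must be encoded as UTCTime")
        rest = text[4:]
    else:
        raise ValueError("not a UTCTime or GeneralizedTime of the expected size")
    parsed = datetime.strptime(f"{year:04d}{rest}", "%Y%m%d%H%M%SZ")
    return parsed.replace(tzinfo=timezone.utc)

if __name__ == "__main__":
    # Constructed sample times on either side of the 2049/2050 boundary.
    for when in (datetime(1997, 12, 1, 13, 42, tzinfo=timezone.utc),
                 datetime(2050, 1, 1, tzinfo=timezone.utc)):
        der = encode_signing_time(when)
        print(der.hex(), decode_signing_time(der).isoformat())
```

A local time late on 31 December 2049 can fall in 2050 once converted to UTC, which is why the encoder converts before choosing the arm.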