Re: MSG-00 Signing-Time Attribute

1997-12-01 13:00:07
I am in the process of adding PKCS#9 attributes that are needed for secure
e-mail to the CMS document.  In the process, I fixed the syntax.  Here is
what I did:

10.3  Signing Time

The signing-time attribute type specifies the time at which the signer
(purportedly) performed the signing process. The signing-time attribute
type is intended for use in signed-data.

The signing-time attribute is identified by the following object identifier:

   id-signingTime OBJECT IDENTIFIER ::= { iso(1) member-body(2) 
       us(840) rsadsi(113549) pkcs(1) pkcs9(9) 5 }

Signing-time attribute values have ASN.1 type SigningTime:

SigningTime ::= CHOICE {
  utcTime UTCTime,
  generalTime GeneralizedTime }

Dates through the year 2049 must be encoded as UTCTime, and dates in the
year 2050 or later must be encoded as GeneralizedTime.

A signing-time attribute must have a single attribute value.

No requirement is imposed concerning the correctness of the signing time,
and acceptance of a purported signing time is a matter of a recipient's
discretion. It is expected, however, that some signers, such as time-stamp
servers, will be trusted implicitly.


At 05:42 AM 12/1/97 PST, Scott Hollenbeck wrote:
In section 2.5.1 of the S/MIME v3 Message Specification, it states
that "Sending agents MUST encode signing time through the year 2049
as UTCTime; signing times in 2050 or later MUST be encoded as
GeneralizedTime".  However, the current PKCS #9 syntax for the
signingTime attribute doesn't support a choice:

SigningTime ::= UTCTime

If an updated definition is available somewhere, where is it?
The document doesn't include a reference for attribute definitions.
If an updated definition hasn't been proposed, how about this:

SigningTime ::= CHOICE {
 utcTime           UTCTime,  -- for years 2049 and earlier
 generalizedTime   GeneralizedTime -- for years 2050 and later -- }

Scott Hollenbeck (mailto: hollenbe(_at_)east(_dot_)xsis(_dot_)xerox(_dot_)com)
Xerox Special Information Systems
Arlington, Virginia, USA
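
Added example, not part of the original messages or of the CMS draft: a Python sketch of the encoding rule discussed in this thread, DER-encoding a SigningTime as UTCTime through 2049 and as GeneralizedTime from 2050, and rejecting a GeneralizedTime that carries an earlier year. The function names, the YYMMDDHHMMSSZ and YYYYMMDDHHMMSSZ string forms, the 1950 pivot for two-digit years and the strict check on the receiving side are assumptions not stated in the thread.

```python
from datetime import datetime, timezone

UTC_TIME, GENERALIZED_TIME = 0x17, 0x18  # universal ASN.1 tags

def encode_signing_time(when: datetime) -> bytes:
    """DER-encode SigningTime, picking the CHOICE arm from the year."""
    if when.tzinfo is None:
        raise ValueError("need a timezone-aware datetime")
    when = when.astimezone(timezone.utc)
    if when.year < 1950:  # assumed pivot: YY >= 50 means 19YY
        raise ValueError("year before 1950 is not representable here")
    if when.year <= 2049:
        tag, text = UTC_TIME, when.strftime("%y%m%d%H%M%SZ")
    else:
        tag, text = GENERALIZED_TIME, when.strftime("%Y%m%d%H%M%SZ")
    # Short-form length is enough: the content is 13 or 15 octets.
    return bytes([tag, len(text)]) + text.encode("ascii")

def decode_signing_time(der: bytes) -> datetime:
    """Parse SigningTime; refuse values that use the wrong CHOICE arm."""
    if len(der) < 2 or der[1] != len(der) - 2:
        raise ValueError("length octet does not match content")
    tag, text = der[0], der[2:].decode("ascii")
    expected = {UTC_TIME: 13, GENERALIZED_TIME: 15}.get(tag)
    if expected is None:
        raise ValueError("not a UTCTime or GeneralizedTime")
    if len(text) != expected or not text.endswith("Z") or not text[:-1].isdigit():
        raise ValueError("expected whole seconds in UTC with a trailing Z")
    if tag == UTC_TIME:
        yy = int(text[:2])
        year, rest = (1900 + yy if yy >= 50 else 2000 + yy), text[2:-1]
    else:
        year, rest = int(text[:4]), text[4:-1]
        if year <= 2049:  # assumed strictness on the receiving side
            raise ValueError("years through 2049 must be encoded as UTCTime")
    month, day, hour, minute, second = (int(rest[i:i + 2]) for i in range(0, 10, 2))
    return datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)

if __name__ == "__main__":
    # Constructed sample values, not taken from any real message.
    for sample in (datetime(1997, 12, 1, 13, 0, 7, tzinfo=timezone.utc),
                   datetime(2050, 1, 1, tzinfo=timezone.utc)):
        der = encode_signing_time(sample)
        print(der.hex(), decode_signing_time(der).isoformat())
```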