Re: Ambiguity of DER encoding of UTCTime

1998-08-13 11:47:19
On Thu, 13 Aug 1998, Darren Harter wrote:

Apologies in advance for being slightly off topic for this list, but I
believe this topic is of interest to all involved with digital signatures,
if not explicitly for S/MIME.

X.208 and X.680 specify that UTC time may carry precision to either minutes
or seconds.  This means that mid-day on the 1 September this year (ignoring
locales) would be encoded as either 9809011200Z with minute precision or
980901120000Z with second precision.

One second after being encoded as either 9809011200Z or 980901120001Z.

X.209 and X.690 do not alter the definition of UTCTime in specifying DER,
and DER is therefore not distinguished!  This is a reasonably well known
problem and has resulted in specific clauses in many specs (including
PKIX-1) stating whether second or minute precision should be used.

I have two questions:

1)    Within S/MIME we inherit the rules of PKIX-1 for Certificates, CRLs
etc. which clearly state that second precision is required.  Do/Should we
have a statement in the S/MIME specs that reiterates this position?

2)    Has this issue been resolved in the latest ASN.1 specs, or in a
technical corrigendum that I may have missed? If so does anybody have a
reference for it?

A technical corrigendum to X.690 that addresses this matter was issued two
or three years ago.  The 1997 version of X.690 incorporates it:

11.8    UTCTime

11.8.1  The encoding shall terminate with "Z", as described in the ITU-T X.680 
        ISO/IEC 8824-1 clause on UTCTime.

11.8.2  The seconds element shall always be present.

11.8.3  Midnight (GMT) shall be represented in the form:


        where "YYMMDD" represents the day following the midnight in question.

11.8.4  Examples of valid representations




11.8.5  Examples of invalid representations

            "920520240000Z"         (midnight represented incorrectly)

            "9207221321Z"           (seconds of 00 omitted)

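The clause 11.8 rules quoted above, as a strict validator (an added example, not part of the original message or of any library). The function names are hypothetical, and the two-digit-year pivot used for day-of-month checking is the PKIX convention, assumed here rather than taken from the thread.

```python
import calendar

UTCTIME_TAG = 0x17  # universal primitive tag of UTCTime

def check_der_utctime(content: str) -> str:
    """Return 'ok', or the reason content is not a DER UTCTime (X.690 11.8)."""
    if not content.endswith("Z"):
        return "must terminate with Z"              # 11.8.1 (no +hhmm offsets)
    digits = content[:-1]
    if not (digits.isascii() and digits.isdigit()):
        return "non-digit characters"
    if len(digits) == 10:
        return "seconds omitted"                    # 11.8.2
    if len(digits) != 12:
        return "wrong length"
    yy, mo, dd, hh, mi, ss = (int(digits[i:i + 2]) for i in range(0, 12, 2))
    if hh == 24:
        return "midnight represented incorrectly"   # 11.8.3
    if not (1 <= mo <= 12 and hh <= 23 and mi <= 59 and ss <= 59):
        return "field out of range"
    # Assumption (PKIX convention, not stated in the thread): YY >= 50 is 19YY.
    year = 1900 + yy if yy >= 50 else 2000 + yy
    if not 1 <= dd <= calendar.monthrange(year, mo)[1]:
        return "field out of range"
    return "ok"

def check_der_element(der: bytes) -> str:
    """Validate a complete tag-length-value UTCTime element."""
    if len(der) < 2 or der[0] != UTCTIME_TAG:
        return "not a UTCTime element"
    if der[1] != len(der) - 2:      # short-form length; DER content is 13 bytes
        return "length mismatch"
    try:
        text = der[2:].decode("ascii")
    except UnicodeDecodeError:
        return "non-ASCII content"
    return check_der_utctime(text)

if __name__ == "__main__":
    # Strings taken from the messages above.
    for s in ("980901120000Z", "9809011200Z", "920520240000Z", "9207221321Z"):
        print(f"{s:<15} {check_der_utctime(s)}")
```

Rejecting the minute-precision form at verification time, instead of normalising it, keeps a signed structure from having two byte encodings for the same instant.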
