You are correct that DER is no completely specified for UTCTime. PKIX Part
1 completes the specification to ensure that all UTCTime encodings are
I will add the text from PKIX Part 1 to CMS where UTCTime is used.
At 06:56 PM 8/13/98 +0000, Darren Harter wrote:
Appologies in advance for being slightly off topic for this list, but I
believe this topic is of interest to all involved with digital signatures,
if not explicitly for S/MIME.
X.208 and X.680 specify that UTC time may carry precision to either minutes
or seconds. This means that mid-day on the 1 September this year (ignoring
locales) would be encoded as either 9809011200Z with minute precision or
980901120000Z with second precision.
One second after being encoded as either 9809011200Z or 980901120001Z.
X.209 and X.690 do not alter the definition of UTCTime in specifiying DER,
and DER is therefore not distinguished! This is a reasonably well known
problem and has resulted in a specific clauses in many specs (including
PKIX-1) stating whether second or minute precision should be used.
I have two questions:
1) Within S/MIME we inherit the rules of PKIX-1 for Certificates, CRLs
etc. which clearly states that second precision is required. Do/Should we
have a statement in the S/MIME specs that reiterate this position?
2) Has this issue been resolved in the latest ASN.1 specs, or in a
technical corrigenda that I may have missed? If so does anybody have a
reference for it?
CASM Programme Office