pem-dev

Re: So What is the DER of UTCTime

1992-04-27 19:29:00
   Date:     Mon, 27 Apr 92 9:47:16 EDT
   From: John Lowry <jlowry(_at_)BBN(_dot_)COM>
   Sender: pem-dev-relay(_at_)TIS(_dot_)COM

   ...

   Personally I don't see the difference between the two although
   having a granularity of seconds seems to be useless.  My vote
   is that you should be ready to parse (and reconstruct) any such
   certificate but that it would be silly to generate one.

It is easy to parse whatever comes along; however, reconstructing what
you originally got (so you can compute a hash over it) requires keeping
around more information than the simple concept of a
timestamp. Frankly it would require most implementations to effectively
keep around both the original BER that they received as well as the parsed
value (for use in time comparisons). This is do-able, but not elegant.
So... we can do:

1) Define a DER for UTCTime (or define our own time format in order to
include the 4 digit year), which makes reconstruction of the original
BER easy.

2) Require implementations to keep around the original BER as a hedge
against needing it later to recalculate a hash value. In essence this is
the "leave things alone" solution from a protocol/RFC standpoint at the
cost of implementation complexity.

So what *do* we wish to do? I personally don't have a strong opinion one
way or the other, just wanted to point out the problem.

                        -Jeff
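
The reconstruction problem raised in this message, as an added example that is not part of the original post: three BER spellings of one instant parse to the same time, but only the one already in the fixed form re-encodes to the bytes that were hashed. The sample encodings, the fixed form (seconds present, "Z" terminator), the two-digit-year pivot of 50 and the use of SHA-256 as the hash are assumptions of this example.

```python
import hashlib
import re
from datetime import datetime, timedelta, timezone

# BER permits several UTCTime spellings: YYMMDDhhmm[ss] then Z or +hhmm / -hhmm.
_UTCTIME = re.compile(rb"(\d{10})(\d{2})?(Z|[+-]\d{4})")

def tlv(content: bytes) -> bytes:
    """Wrap content as a UTCTime TLV (tag 0x17, short-form length)."""
    return bytes([0x17, len(content)]) + content

def parse_utctime(data: bytes) -> datetime:
    """Decode a UTCTime TLV to an aware datetime in UTC; ValueError if malformed."""
    if len(data) < 2 or data[0] != 0x17 or data[1] != len(data) - 2:
        raise ValueError("not a short-form UTCTime TLV")
    m = _UTCTIME.fullmatch(data[2:])
    if not m:
        raise ValueError("malformed UTCTime content")
    digits, secs, zone = m.groups()
    f = [int(digits[i:i + 2]) for i in range(0, 10, 2)]
    year = f[0] + (1900 if f[0] >= 50 else 2000)  # assumed pivot for 2-digit years
    off = timedelta(0)
    if zone != b"Z":
        off = timedelta(hours=int(zone[1:3]), minutes=int(zone[3:5]))
        if zone[:1] == b"-":
            off = -off
    # The encoded value is local time; the suffix is its offset from UTC.
    local = datetime(year, f[1], f[2], f[3], f[4], int(secs or b"0"),
                     tzinfo=timezone(off))
    return local.astimezone(timezone.utc)

def encode_fixed(t: datetime) -> bytes:
    """Re-encode in the single form assumed here: YYMMDDhhmmssZ."""
    return tlv(t.astimezone(timezone.utc).strftime("%y%m%d%H%M%SZ").encode())

def survives_reencoding(data: bytes) -> bool:
    """True if a hash over parse-then-encode matches a hash over the received bytes."""
    rebuilt = encode_fixed(parse_utctime(data))
    return hashlib.sha256(rebuilt).digest() == hashlib.sha256(data).digest()

# Constructed samples: 1992-04-27 13:47:00 UTC in three BER spellings.
SAMPLES = [tlv(b"920427134700Z"), tlv(b"9204271347Z"), tlv(b"9204270947-0400")]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s[2:].decode(), parse_utctime(s).isoformat(), survives_reencoding(s))
```

A receiver that cannot rely on the sender using one fixed form has to hash the bytes as received and keep them alongside the parsed time, which is option 2 above.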
