Jeff,
I'm leary of changing the certificate format to employ a
different time value. One can make a good argument that there should
be a DER defintion for UTCT, and that would distinguish between times
expressed with "00" seconds and no seconds, for example. That's a
possibility for a defect report, but I understand that the 1992
version of X.208 reviews the whole DER situation anyway.
Perahps the best approach is to warn implementors of the need
to retain the UTCT value info in a form which allows later
recomputation of of the certificate hash, pointing out the possible
hazzards. This allows them the freedom to retain the encoded form for
later use or do whatever they prefer, so long as the externally
visible effect is the same.
We also con point out the lack of century indication and warn
folks of the need to accommodate this lack in performing comparisons
across century boundaries.
All in favor ...
Steve