Folks,
Based on our recent discussions re UTCT here is a revised page
from 1114F (G?):
Steve
--------------------------------------------------------
PEM-1114F Certificate-Based Key Management April 1992
authority (ICA, PCA or CA) who vouches for the binding between the
subject identity and the public key contained in the certificate.

3.3.6 Validity Period

A certificate carries a pair of date and time indications, indicating
the start and end of the time period over which a certificate is
intended to be used. The duration of the interval may be constant
for all user certificates issued by a given CA or it might differ
based on the nature of the user's affiliation. For example, an
organization might issue certificates with shorter intervals to
temporary employees versus permanent employees. It is recommended
that the UTCT (Coordinated Universal Time) values recorded here
specify granularity to no more than the minute, even though finer
granularity can be expressed in the format. (6) It is also recommended
that all times be expressed as Greenwich Mean Time (Zulu), to
simplify comparisons and avoid confusion relating to daylight savings
time. Note that UTCT expresses the value of a year modulo 100 (with
no indication of century), hence comparisons involving dates in
different centuries must be performed with care.

The longer the interval, the greater the likelihood that compromise
of a private component or name change will render it invalid and thus
require that the certificate be revoked. Once revoked, the
certificate must remain on the issuer's CRL (see Section 3.4.3.4)
until the validity interval expires. PCAs may impose restrictions on
the maximum validity interval that may be elected by CAs operating in
their certification domain (see Appendix B).
_______________
issuer may employ distinct issuer UIDs in the certificates it
issues, to further facilitate selection of the right issuer
public component.

(6) Implementors are warned that no DER is defined for UTCT in
X.509, thus transformation between local and transfer syntax must
be performed carefully, e.g., when computing the hash value for a
certificate. For example, a UTCT value which includes explicit
zero values for seconds would not produce the same hash value as
one in which the seconds were omitted.

Kent (BBN) [Page 10]
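
The encoding pitfalls described in 3.3.6 and footnote (6), as an added example that is not part of the message or of the draft. Assumptions: the function names are hypothetical, the century pivot of 50 is a convention chosen here (the draft defines none), and SHA-256 stands in for whatever hash is computed over the certificate.

```python
import hashlib
import re
from datetime import datetime, timedelta, timezone

# UTCTime forms: YYMMDDhhmm[ss] followed by Z or a +hhmm / -hhmm offset.
_UTCT = re.compile(r"^(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})?(Z|[+-]\d{4})$")
PIVOT = 50  # assumption: YY >= 50 means 19YY, otherwise 20YY
# Constructed samples: one instant written three ways.
SAMPLES = ["9204011200Z", "920401120000Z", "9204010700-0500"]


def parse_utct(value: str) -> datetime:
    """Return the instant a UTCTime string denotes, as an aware UTC datetime."""
    m = _UTCT.match(value)
    if not m:
        raise ValueError(f"not a UTCTime value: {value!r}")
    yy, mo, dd, hh, mi = (int(g) for g in m.group(1, 2, 3, 4, 5))
    ss = int(m.group(6) or 0)  # omitted seconds mean :00
    year = (1900 if yy >= PIVOT else 2000) + yy
    local = datetime(year, mo, dd, hh, mi, ss, tzinfo=timezone.utc)
    zone = m.group(7)
    if zone == "Z":
        return local
    offset = timedelta(hours=int(zone[1:3]), minutes=int(zone[3:5]))
    # "+hhmm" means local time is ahead of UTC, so subtract it; "-hhmm" adds.
    return local - offset if zone[0] == "+" else local + offset


def canonical_utct(value: str) -> str:
    """Re-encode in the recommended form: Zulu, minute granularity."""
    t = parse_utct(value)
    if t.second:
        raise ValueError("seconds are non-zero; minute form would lose information")
    return t.strftime("%y%m%d%H%M") + "Z"


def digest(value: str) -> str:
    """Hash the transfer bytes exactly as they stand (SHA-256 as a stand-in)."""
    return hashlib.sha256(value.encode("ascii")).hexdigest()


def within_validity(now: str, not_before: str, not_after: str) -> bool:
    """Compare the instants, never the raw two-digit-year strings."""
    return parse_utct(not_before) <= parse_utct(now) <= parse_utct(not_after)
```

A verifier should hash the bytes it received rather than a re-encoding of them; canonical_utct belongs on the issuing side, before the certificate is signed.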