[db-wg] Proposal for restricting authentication concerning use of revoked and expired GPG ID's in key-cert objects
- Previous message (by thread): [db-wg] Proposal for restricting authentication concerning use of revoked and expired GPG ID's in key-cert objects
- Next message (by thread): [db-wg] Proposal for restricting authentication concerning use of revoked and expired GPG ID's in key-cert objects
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Edward Shryane
eshryane at ripe.net
Mon Feb 11 17:41:08 CET 2019
Hi Denis, > On 11 Feb 2019, at 16:53, denis walker <ripedenis at yahoo.co.uk> wrote: > > Hi Ed > > Thanks for following up on this. Just one question, have you taken into account time zones? If an update is signed now in Dubai it is 19:51. If the update is processed on Amsterdam time, it is 16:51. Will this update fail because it is 3 hours in the future? > > cheers > denis > co-chair DB-WG > Good question. We rely on the Bouncy Castle cryptography library to provide the signing time for the message, and it does appear to take the timezone into account. I tested by signing a message inside a virtual machine set to a different timezone (EST), and the signature creation time was correctly mapped to the local timezone (within a minute rather than hours). The signed updates in production appear to confirm this - only 24 messages were more than 1 hour old, out of 118,183 (from October to December 2018), and none of these appeared to be offset by a multiple of hours. Regards Ed -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://lists.ripe.net/ripe/mail/archives/db-wg/attachments/20190211/90e0169e/attachment.html>
- Previous message (by thread): [db-wg] Proposal for restricting authentication concerning use of revoked and expired GPG ID's in key-cert objects
- Next message (by thread): [db-wg] Proposal for restricting authentication concerning use of revoked and expired GPG ID's in key-cert objects
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ db-wg Archives ]