Linus Torvalds <torva...@linux-foundation.org> wrote: > Side note: the key handling extra checks seem pretty pointless too.
Except that it has been argued that they have to be there or someone can use dates that contribute to the signature to fake a signed content. Admittedly being able to have a seconds=60 value in somewhere that should stop at 59 doesn't allow a lot of contribution... > There's no reason to have those "some time formats allow 60 seconds, > some don't". Feel free to explain that to the people who drafted the ASN.1 standards. Maybe they'll listen to you... > And you know what? If somebody decides that they want to have a key > that says it was done at some nonsensical time like 24:30:60, just let > it go. Just accept it. It's not your problem. I've been told that it's a security hole. David -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html