John Jetmore wrote:

I implemented something like this using $tod_epoch w/ the last 3 digits replaced w/ zeros (modulo operator wasn't implemented when I originally did this), giving ~16.6 minute granularity, which was about right for what I was trying to do. As you point out, I also had to try the previous entry ($tod_epoch-1000). Seems to have worked as expected.

Include the timestamp in the signature, and also in cleartext beside it. That way, you can use the signature to verify the timestamp, and then use the cleartext verified timestamp to make the policy decision about how old a signature can be before it's rejected. This way, when you reject a timestamp that's too old, you can log it accurately instead of just logging "signature incorrect".

- Marc

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
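
The scheme suggested in the reply above, sketched as an added example that is not part of the original thread and is not Exim configuration: the timestamp is covered by the MAC and also carried in cleartext, so the verifier can tell a forged token from an expired one. The secret, the `timestamp.mac` token layout, HMAC-SHA256, and the window values are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # assumption: shared secret, constructed for this example
MAX_AGE = 1000                       # seconds a signature stays valid (assumed policy)
MAX_SKEW = 60                        # seconds of tolerated clock skew (assumed policy)


def _mac(ts, data):
    # The timestamp is part of the MAC input, so the cleartext copy
    # cannot be changed without invalidating the signature.
    msg = f"{ts}|{data}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def sign(data, now=None):
    ts = int(time.time()) if now is None else now
    return f"{ts}.{_mac(ts, data)}"


def verify(token, data, now=None):
    """Return a reason string suitable for logging; "ok" means accept."""
    now = int(time.time()) if now is None else now
    ts_text, sep, sig = token.partition(".")
    # Reject anything that is not a short run of ASCII digits before int().
    if not sep or not (ts_text.isascii() and ts_text.isdigit()) or len(ts_text) > 12:
        return "malformed"
    ts = int(ts_text)
    # Step 1: authenticate the timestamp (constant-time comparison).
    if not hmac.compare_digest(_mac(ts, data).encode(), sig.encode()):
        return "bad-signature"
    # Step 2: only now trust the cleartext timestamp for the age policy.
    age = now - ts
    if age > MAX_AGE:
        return f"expired (age {age}s > {MAX_AGE}s)"
    if age < -MAX_SKEW:
        return f"future-dated (by {-age}s)"
    return "ok"


if __name__ == "__main__":
    token = sign("user@example.org", now=1_700_000_000)  # constructed sample input
    print(verify(token, "user@example.org", now=1_700_000_500))
    print(verify(token, "user@example.org", now=1_700_002_000))
```

Because the age check runs only after the MAC verifies, a token whose cleartext timestamp was edited to look fresh is reported as `bad-signature`, not accepted and not misreported as expired.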
