Russell Selph wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Actually, as far as I can tell, it's an ASN.1 problem.  (And therefore an
> X.509 problem.)  It looks like the ASN.1 UTCTIME type only supports two
> digit years.  OPENSSL makes the assumption that any year less than 70 is
> in the range 2000-2069, while any year greater than 69 is in the range
> 1970-1999.
> 
> Can anyone shed light on whether this is part of the ASN.1 standard for
> UTCTIME?  Even better, does anyone know if any other kind of date is
> useable in X.509 certs?  Do other packages use the same cutoff year?
> 
> Of course, we know that nobody will still be using this software in 2070,
> so it shouldn't be a problem anyway.  Right?   Ahem.    :^O

I seem to remember that PKIX decided that <50 was 20xx and >50 was 19xx
(I know I've left out 50, I can't remember which way it went) and that
we should use 4 digit in all new stuff.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
     - Indira Gandhi
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
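
Added example, not part of the original messages and not OpenSSL code: a strict parser for the DER UTCTime form `YYMMDDHHMMSSZ` with a configurable two-digit-year pivot, showing which encoded years resolve differently under the cutoff of 70 described in the quoted message and the cutoff of 50 that RFC 5280 specifies (YY >= 50 is 19YY, and dates from 2050 onward are encoded as GeneralizedTime with a four-digit year). All function and constant names are hypothetical and the sample strings are constructed.

```python
import re
from datetime import datetime, timezone

PIVOT_POST = 70   # cutoff described in the quoted message: YY < 70 -> 20YY
PIVOT_PKIX = 50   # RFC 5280: YY < 50 -> 20YY, YY >= 50 -> 19YY

_UTCTIME = re.compile(r"[0-9]{12}Z")   # YYMMDDHHMMSSZ, seconds present, Zulu only


def century_for(yy: int, pivot: int) -> int:
    """Century a two-digit year is assigned to under the given pivot."""
    return 2000 if yy < pivot else 1900


def parse_utctime(value: str, pivot: int) -> datetime:
    """Parse a UTCTime string; reject anything outside the strict DER form."""
    if not _UTCTIME.fullmatch(value):
        raise ValueError(f"not a DER UTCTime value: {value!r}")
    f = [int(value[i:i + 2]) for i in range(0, 12, 2)]
    # datetime() itself rejects out-of-range months, days, hours and so on.
    return datetime(century_for(f[0], pivot) + f[0], *f[1:], tzinfo=timezone.utc)


def ambiguous_years(pivot_a: int, pivot_b: int) -> list:
    """Two-digit years that two implementations with different pivots disagree on."""
    return [yy for yy in range(100)
            if century_for(yy, pivot_a) != century_for(yy, pivot_b)]


def encode_x509_time(dt: datetime) -> tuple:
    """Choose the encoding the RFC 5280 way: UTCTime through 2049, else GeneralizedTime."""
    if dt.tzinfo is None:
        raise ValueError("timezone-aware datetime required")
    dt = dt.astimezone(timezone.utc)
    if 1950 <= dt.year <= 2049:
        return ("UTCTime", f"{dt.year % 100:02d}{dt:%m%d%H%M%S}Z")
    return ("GeneralizedTime", f"{dt.year:04d}{dt:%m%d%H%M%S}Z")


if __name__ == "__main__":
    sample = "691231235959Z"  # constructed notAfter value
    print("pivot 70:", parse_utctime(sample, PIVOT_POST).isoformat())
    print("pivot 50:", parse_utctime(sample, PIVOT_PKIX).isoformat())
    print("years the two pivots disagree on:", ambiguous_years(PIVOT_POST, PIVOT_PKIX))
    print(encode_x509_time(datetime(2050, 1, 1, tzinfo=timezone.utc)))
```

A verifier and an issuer that use different pivots disagree by a full century on any UTCTime year from 50 to 69, which is enough to turn an expired certificate into a valid one or the reverse.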
