In message <[EMAIL PROTECTED]>, Ben Laurie writes:
>
> I seem to remember that PKIX decided that <50 was 20xx and >50 was 19xx
> (I know I've left out 50, I can't remember which way it went) and that
> we should use 4 digit in all new stuff.
Not quite.
After the usual Huge Argument, It was decided that 2050 or greater should use
GeneralizedTime, and <2050 should continue to use UTCTime. This way, if you
convert a certificate to internal format and back to DER, you get the same DER
without having to remember which Time format was used, which simplifies
signature verification.
--
C. Harald Koch <[EMAIL PROTECTED]>
"It takes a child to raze a village."
-Michael T. Fry
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
