[jira] Resolved: (JDKIM-15) Support timestamp (t=) attribute in signature

Tue, 08 Jun 2010 15:12:35 -0700 

     [ 
https://issues.apache.org/jira/browse/JDKIM-15?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Stefano Bagnara resolved JDKIM-15.
----------------------------------

    Resolution: Fixed

In the signer If a signature template includes an empty "t=;" value now the 
signature is automatically filled with the current timestamp.

In the verifier if a signature include a t= parameter with a value in the 
future then the signature is ignored. (the specs say we "MAY" ignore: I don't 
see much value in making this configurable) 

> Support timestamp (t=) attribute in signature
> ---------------------------------------------
>
>                 Key: JDKIM-15
>                 URL: https://issues.apache.org/jira/browse/JDKIM-15
>             Project: JAMES jDKIM
>          Issue Type: Improvement
>          Components: library
>    Affects Versions: 0.2
>            Reporter: Stefano Bagnara
>            Assignee: Stefano Bagnara
>             Fix For: 0.2
>
>
> t=
>     Signature Timestamp (plain-text unsigned decimal integer; RECOMMENDED, 
> default is an unknown creation time). The time that this signature was 
> created. The format is the number of seconds since 00:00:00 on January 1, 
> 1970 in the UTC time zone. The value is expressed as an unsigned integer in 
> decimal ASCII. This value is not constrained to fit into a 31- or 32-bit 
> integer. Implementations SHOULD be prepared to handle values up to at least 
> 10^12 (until approximately AD 200,000; this fits into 40 bits). To avoid 
> denial-of-service attacks, implementations MAY consider any value longer than 
> 12 digits to be infinite. Leap seconds are not counted. Implementations MAY 
> ignore signatures that have a timestamp in the future.
>     ABNF:
>             sig-t-tag    = %x74 [FWS] "=" [FWS] 1*12DIGIT
> If the input signature has "t=;" then we could add the current timestamp, 
> otherwise we should leave everything as is.
> While verifying a signature with a t= parameter we should "ignore" signatures 
> with a date in the future.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to