Hello.
I'm having a bit of trouble implementing RFC 6486 (RPKI Manifests).
In section 4.2, 6486 defines thisUpdate and nextUpdate as GeneralizedTimes:
Manifest ::= SEQUENCE {
(...)
thisUpdate GeneralizedTime,
nextUpdate GeneralizedTime,
(...)
}
(https://tools.ietf.org/html/rfc6486#section-4.2)
During section 4.2.1, it further states the following:
thisUpdate:
This field contains the time when the manifest was created. This
field has the same format constraints as specified in [RFC5280]
for the CRL field of the same name.
Problem: RFC 5280 (https://tools.ietf.org/html/rfc5280#section-5.1)
defines both CRL fields as Times, not as GeneralizedTimes.
Time ::= CHOICE {
utcTime UTCTime,
generalTime GeneralizedTime }
(...)
TBSCertList ::= SEQUENCE {
(...)
thisUpdate Time,
nextUpdate Time OPTIONAL,
(...) }
Further, 5280 states that the usage choice is not arbitrary, but
rather, depends on the value that's being conveyed:
CRL issuers conforming to this profile MUST encode thisUpdate as
UTCTime for dates through the year 2049. CRL issuers conforming to
this profile MUST encode thisUpdate as GeneralizedTime for dates in
the year 2050 or later. Conforming applications MUST be able to
process dates that are encoded in either UTCTime or GeneralizedTime.
What I find really strange is that 5280 has rather little to say about
thisUpdate in particular, aside from its apparent contradiction to
6486. So when 6486 does little more than reference 5280... what am I
supposed to implement?
Thanks in advance,
Alberto
_______________________________________________
sidr mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/sidr
