
Mailing List Archive: GnuPG: users

public newer than the signature

 

 



mlisten at hammernoch

Aug 9, 2008, 4:14 AM

Post #1 of 14 (280 views)
public newer than the signature


Hello,

the last weeks, when importing public keys I sometimes get:

"Öffentlicher Schlüssel %s ist %lu Sekunden jünger als die Unterschrift"

in English:

"public key %s is %lu second newer than the signature"

The indicated time interval is very large. What's running wrong? I tried
googling, but found nothing useful. I'm using gpg 1.4.9 on Mac OS X.

TIA

Ludwig

_______________________________________________
Gnupg-users mailing list
Gnupg-users[at]gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


mlisten at hammernoch

Aug 10, 2008, 10:27 AM

Post #2 of 14 (264 views)
Re: public key newer than the signature [In reply to]


Ludwig Hügelschäfer wrote on 09.08.2008 13:14:
> Hello,
>
> the last weeks, when importing public keys I sometimes get:
>
> "Öffentlicher Schlüssel %s ist %lu Sekunden jünger als die Unterschrift"
>
> in english:
>
> "public key %s is %lu second newer than the signature"
>
> The indicated time interval is very large. What's running wrong? I tried
> googling, but found nothing useful. I'm using gpg 1.4.9 on Mac OS X.

When a routine trust-db check took place today, I got the message:

Öffentlicher Schlüssel FAEBD5FC ist 32370053 Sekunden jünger als die
Unterschrift

I assume, FAEBD5FC is very well known and in a lot of keyrings. Can
somebody check please? 32370053 seconds is 374,6533912037 days, 9 more
than a year...

Greetings

Ludwig


shavital at mac

Aug 10, 2008, 2:04 PM

Post #3 of 14 (263 views)
Re: public key newer than the signature [In reply to]

Ludwig Hügelschäfer wrote the following on 8/10/08 1:27 PM:
> Ludwig Hügelschäfer wrote on 09.08.2008 13:14 Uhr:
>> Hello,
>
>> the last weeks, when importing public keys I sometimes get:
>
>> "Öffentlicher Schlüssel %s ist %lu Sekunden jünger als die Unterschrift"
>
>> in english:
>
>> "public key %s is %lu second newer than the signature"
>
>> The indicated time interval is very large. What's running wrong? I tried
>> googling, but found nothing useful. I'm using gpg 1.4.9 on Mac OS X.
>
> When a routinely trust-db check took place today, I got the message:
>
> Öffentlicher Schlüssel FAEBD5FC ist 32370053 Sekunden jünger als die
> Unterschrift
>
> I assume, FAEBD5FC is very well known and in a lot of keyrings. Can
> somebody check please? 32370053 seconds is 374,6533912037 days, 9 more
> than a year...
>

This is what I get:

$ gpg --recv-key FAEBD5FC
gpg: requesting key FAEBD5FC from hkp server keyserver.kjsl.com
gpg: key FAEBD5FC: public key "Philip R. Zimmermann <prz[at]pgp.com>" imported
gpg: key FAEBD5FC: public key "Philip R. Zimmermann <prz[at]acm.org>" imported
gpg: public key FAEBD5FC is 37319134 seconds newer than the signature
gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
gpg: depth: 0 valid: 30 signed: 123 trust: 0-, 0q, 0n, 0m, 0f, 30u
gpg: depth: 1 valid: 123 signed: 61 trust: 3-, 3q, 0n, 36m, 81f, 0u
gpg: depth: 2 valid: 45 signed: 96 trust: 1-, 1q, 2n, 25m, 16f, 0u
gpg: depth: 3 valid: 6 signed: 20 trust: 0-, 0q, 0n, 4m, 2f, 0u
gpg: depth: 4 valid: 3 signed: 4 trust: 0-, 0q, 0n, 1m, 2f, 0u
gpg: next trustdb check due at 2008-08-17
gpg: Total number processed: 2
gpg: imported: 2

Now with a different keyserver:

$ gpg --recv-key FAEBD5FC
gpg: requesting key FAEBD5FC from hkp server subkeys.pgp.net
gpg: key FAEBD5FC: "Philip R. Zimmermann <prz[at]pgp.com>" not changed
gpg: key FAEBD5FC: no user ID for key signature packet of class 10
gpg: key FAEBD5FC: no user ID for key signature packet of class 10
gpg: key FAEBD5FC: no user ID for signature
gpg: Total number processed: 2
gpg: unchanged: 1

Now another keyserver:
$ gpg --recv-key FAEBD5FC
gpg: requesting key FAEBD5FC from hkp server pgp.uni-mainz.de
gpg: key FAEBD5FC: "Philip R. Zimmermann <prz[at]pgp.com>" not changed
gpg: key FAEBD5FC: no user ID for key signature packet of class 10
gpg: key FAEBD5FC: no user ID for key signature packet of class 10
gpg: key FAEBD5FC: no user ID for signature
gpg: Total number processed: 2
gpg: unchanged: 1



gpg --edit-key FAEBD5FC
gpg (GnuPG) 1.4.9; Copyright (C) 2008 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


pub 1024D/FAEBD5FC created: 1998-06-13 expires: never usage: SCA
trust: undefined validity: unknown
sub 2048g/5481FA99 created: 2000-03-11 expires: never usage: E
[ unknown] (1). Philip R. Zimmermann <prz[at]pgp.com>

Command> check
uid Philip R. Zimmermann <prz[at]pgp.com>
sig! X 61D7341D 2003-09-07 Dave J. (Scoop0901)
<scoop0901[at]scoop0901.net>
sig! FAEBD5FC 2000-03-11 [self-signature]



At every trustdb check, that key FAEBD5FC comes up with
'gpg: public key FAEBD5FC is 37319134 seconds newer than the signature'

Why?:
gpg: Total number processed: 2
gpg: unchanged: 1


Shouldn't it be: .....Total number processed: 1 (and not 2)?

"unchanged: 1" - At every download from a key server, *two* keys are
processed, and one of them has something new?

The primary key was created on 1998-06-13 never expires.
The encryption subkey was created 2000-03-11 never expires, and there is
a self signature dated 2000-03-11. Could that be a signature for the
modification of the subkey's expiration date?

And ...no user ID for signature... ?

I have no answers, only questions.

Charly




bahamutzero8825 at gmail

Aug 10, 2008, 2:08 PM

Post #4 of 14 (263 views)
Re: public key newer than the signature [In reply to]


Ludwig Hügelschäfer wrote:
| I assume, FAEBD5FC is very well known and in a lot of keyrings. Can
| somebody check please? 32370053 seconds is 374,6533912037 days, 9 more
| than a year...
|
| Greetings
|
| Ludwig
It wasn't originally on my keyring, but I got a copy from
pool.sks-keyservers.net, and it says it was created March 10, 2000.
The name associated is Philip R. Zimmermann (email prz[at]pgp.com), and the
fingerprint is 783B 3627 1976 8F4D 8633 2E06 19B0 FF60 FAEB D5FC (just
to make sure we are talking about the same key).
--
Key ID: 0xF88E034060A78FCB
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB
Windows NT 6.0.6001.18000 | GPG 1.4.9 | Thunderbird 2.0.0.14 | Enigmail
0.95.6


apple at royds

Aug 10, 2008, 3:16 PM

Post #5 of 14 (270 views)
Re: public key newer than the signature [In reply to]

On 10-Aug-08, at 17:04 , Charly Avital wrote:

> Command> check
> uid Philip R. Zimmermann <prz[at]pgp.com>
> sig! X 61D7341D 2003-09-07 Dave J. (Scoop0901)
> <scoop0901[at]scoop0901.net>
> sig! FAEBD5FC 2000-03-11 [self-signature]
>
>
>
> At every trustdb check, that key FAEBD5FC comes up with
> 'gpg: public key FAEBD5FC is 37319134 seconds newer than the
> signature'
>
> Why?:
> gpg: Total number processed: 2
> gpg: unchanged: 1
>
>
> Shouldn't it be: .....Total number processed: 1 (and not 2)?
>
> "unchanged: 1" - At every download from a key server, *two* keys are
> processed, and one of them has something new?
>
> The primary key was created on 1998-06-13 never expires.
> The encryption subkey was created 2000-03-11 never expires, and
> there is
> a self signature dated 2000-03-11. Could that be a signature for the
> modification of the subkey's expiration date?
>
> And ...no user ID for signature... ?
>
> I have no answers, only questions.
>
> Charly


Phil Zimmermann is the developer of PGP so his key was the very first
one issued. I wonder if there is a rollover problem with one of the
fields in the key?




faramir.cl at gmail

Aug 11, 2008, 1:28 AM

Post #6 of 14 (257 views)
Re: public newer than the signature [In reply to]


Ludwig Hügelschäfer wrote:
> Hello,
>
> the last weeks, when importing public keys I sometimes get:
>
> "Öffentlicher Schlüssel %s ist %lu Sekunden jünger als die Unterschrift"
>
> in english:
>
> "public key %s is %lu second newer than the signature"

Look at this (message got from GPGshell when I was checking postgreSQL
installer)

gpg: Firmado el 06/09/08 06:47:47
gpg: usando DSA clave 0x1A19643B
gpg: solicitando clave 0x1A19643B de hkp servidor pool.sks-keyservers.net
gpg: clave 0x1A19643B: clave pública "Dave Page <dpage[at]postgresql.org>"
importada
gpg: la clave pública 0xFAEBD5FC es 37319134 segundos más nueva que la firma

Which means:
The signature is from 06/09/08 06:47:47
...
The public key is 37319134 seconds newer than the signature.

But when I checked the key info, it was created on 12-06-2003, so there
is no way the key can be newer than the signature.

Then I began to think... what does 06/09/08 mean? Here (in Chile), that
would mean September 6, 2008. But in the USA, that means June 09, 2008.
Clearly, since we are at August 11, 2008, the time format in the output
message is mm/dd/yy. But my windows is using dd/mm/yyyy, so, maybe at
some point, something (gpg, or gpgshell, or maybe the function that gets
the current date) is taking mm/dd/yy as if it was dd/mm/yy, causing the
whole date calculation function to go crazy...

That is only my guess... but maybe...

Best Regards


bahamutzero8825 at gmail

Aug 12, 2008, 4:43 PM

Post #7 of 14 (243 views)
Re: public newer than the signature [In reply to]

Faramir wrote:
> Then I began to think... what does 06/09/08 mean? Here (at Chile), that
> would mean September 6, 2008. But on USA, that means June 09, 2008.
> Clearly, since we are at August 11, 2008, the time format in the output
> message is mm/dd/yy. But my windows is using dd/mm/yyyy, so, maybe at
> some point, something (gpg, or gpgshell, or maybe the function that gets
> the current date) is taking mm/dd/yy as if it was dd/mm/yy, causing the
> whole date calculation function to go crazy...


Time for computers is generally just the number of seconds since January
1, 1970 at 12:00:00 UTC if I'm not mistaken. Date formats are derived
from that and displayed according to the user's preference.
--
Key ID: 0xF88E034060A78FCB
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB
Windows NT 6.0.6001.18000 | GPG 1.4.9 | Thunderbird 2.0.0.14 | Enigmail
0.95.6



rjh at sixdemonbag

Aug 12, 2008, 8:16 PM

Post #8 of 14 (241 views)
Re: public newer than the signature [In reply to]

Andrew Berg wrote:
> Time for computers is generally just the number of seconds since January
> 1, 1970 at 12:00:00 UTC if I'm not mistaken.

Time for UNIX systems is generally this way. Win32 and MacOS (pre-OS X)
have their own ways of storing time.

It is ridiculously hard to come up with a robust time and date standard.
This is why there are so many different, conflicting implementations
out there.

Note that in some instances, GnuPG will use an ISO date format as
opposed to seconds-since-Epoch.



bahamutzero8825 at gmail

Aug 12, 2008, 8:31 PM

Post #9 of 14 (240 views)
Re: public newer than the signature [In reply to]

Robert J. Hansen wrote:
> It is ridiculously hard to come up with a robust time and date standard.
Why is that?

> Note that in some instances, GnuPG will use an ISO date format as
> opposed to seconds-since-Epoch.
Is this for non-Unix-like systems or is it something completely different?
--
Key ID: 0xF88E034060A78FCB
Fingerprint: 4A84 CAE2 A0D3 2AEB 71F6 07FD F88E 0340 60A7 8FCB
Windows NT 6.0.6001.18000 | GPG 1.4.9 | Thunderbird 2.0.0.14 | Enigmail
0.95.6



faramir.cl at gmail

Aug 12, 2008, 9:39 PM

Post #10 of 14 (240 views)
Re: public newer than the signature [In reply to]


Andrew Berg wrote:
> Faramir wrote:
>> Then I began to think... what does 06/09/08 mean? Here (at Chile), that
>> would mean September 6, 2008. But on USA, that means June 09, 2008.
>> Clearly, since we are at August 11, 2008, the time format in the output
>> message is mm/dd/yy. But my windows is using dd/mm/yyyy, so, maybe at
>> some point, something (gpg, or gpgshell, or maybe the function that gets
>> the current date) is taking mm/dd/yy as if it was dd/mm/yy, causing the
>> whole date calculation function to go crazy...
>
>
> Time for computers is generally just the number of seconds since January
> 1, 1970 at 12:00:00 UTC if I'm not mistaken. Date formats are derived
> from that and displayed according to the user's preference.

Yes, I know computers do that, but sometimes, they don't do it...
ms-excel usually likes to give me problems with that... But that was
just an idea about what could be giving problems, and probably is a
wrong idea.

Best Regards


faramir.cl at gmail

Aug 12, 2008, 10:28 PM

Post #11 of 14 (238 views)
Re: public newer than the signature [In reply to]


Andrew Berg wrote:
> Robert J. Hansen wrote:
>> It is ridiculously hard to come up with a robust time and date standard.
> Why is that?

Well... just an example: some time ago, the Open Document Format
standard was created. OpenOffice uses it, and it is an ISO standard. But
Microsoft, instead of starting to use it, designed its own "Open Office XML"
and managed to make it an ISO standard too. So if you want to make a
text editor, you must choose which one you will use... or you can use
your own format... or you can make it compatible with both formats (but
converting files from one format to the other one can be very
difficult). I figure you can find examples of the same problem with
anything related to computers.

By the way, China uses its own calendar, and I am not talking about
computers...

Best Regards


wk at gnupg

Aug 12, 2008, 11:24 PM

Post #12 of 14 (239 views)
Re: public newer than the signature [In reply to]

On Wed, 13 Aug 2008 05:31, bahamutzero8825[at]gmail.com said:

>> Note that in some instances, GnuPG will use an ISO date format as
>> opposed to seconds-since-Epoch.
> Is this for non-Unix-like systems or is it something completely different?

Well we use it for all parts of GnuPG-2 except for gpg.

The reason for this are problems with time_t. On a 32 bit system time_t
is usually also 32 bit and far worse it is a signed integer. That means
that in January 2038 time_t will overflow and almost all applications
will stop working because virtually no application (or better OS) can
cope with the then negative value. According to ISO C, there is no need
for time_t being signed but most OS implement it this way, probably to
make error handling easier (some functions return (time_t)(-1) to
indicate an error).

OpenPGP also uses such an Epoch time but as an unsigned 32 bit value,
thus it will last until 2106 (expire time even longer because it is
expressed as seconds since key creation). gpg should cope correctly
with dates beyond 2038 but it can't display them on most systems due to
lack of support in the OS.

The easiest way to solve the problems would be to change time_t on 32
bit systems to a 64 bit type. On GNU/Linux this could even be done
without breaking old applications but the maintainer of glibc is not
interested in such a change because he considers time_t the wrong type
to track calendar dates.

Given that already today some X.509 certificates have an expiration date
after 2038 (yes, that is a stupid understanding of security) we could
not easily use time_t. To have a general solution, we tried to
implement a new time API (see Markus Kuhn's website for details). The
problem with that is that this implementation should be portable to all
systems. That turned out to be a major problem: Too many functions in
libc make use of time_t and they are all interweaved (think only of
strftime and printf) and thus it is really hard to replace them. We
canceled that project and instead use a simple approach for gpgsm: The
type we use for calendar time is

typedef char gnupg_isotime_t[16];

which takes an ISO string like "20080813T081500". There are a few
supporting functions because such a type can't be handled as easily as a
scalar value. It turned out that this type is pretty easy to use and
fulfills all requirements in certificate processing.

Shalom-Salam,

Werner


--
Linux-Kongress 2008 + Hamburg + October 7-10 + www.linux-kongress.org

Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.
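
The timestamp ranges described in the post above, worked through in C as an added example; this is not part of the original message and is not GnuPG's code. `example_isotime_t` and all function names are hypothetical, and the timestamps used in `main` are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical type for this example, modelled on the 16-byte ISO string
   described in the post: "YYYYMMDDTHHMMSS" plus the terminating NUL. */
typedef char example_isotime_t[16];

/* Format an OpenPGP-style timestamp (unsigned 32-bit seconds since
   1970-01-01 00:00:00 UTC) without going through time_t, so values past
   January 2038 still come out right on a 32-bit system. */
void epoch_to_isotime(uint32_t secs, example_isotime_t out)
{
    char buf[64];
    uint32_t days = secs / 86400, rem = secs % 86400;
    /* Day count to civil date, on a calendar whose year starts on
       1 March so that the leap day is the last day of the year. */
    uint32_t z = days + 719468;           /* days since 0000-03-01 */
    uint32_t era = z / 146097;            /* completed 400-year cycles */
    uint32_t doe = z - era * 146097;      /* day within the cycle */
    uint32_t yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
    uint32_t doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
    uint32_t mp = (5 * doy + 2) / 153;    /* month index, 0 = March */
    uint32_t d = doy - (153 * mp + 2) / 5 + 1;
    uint32_t m = mp < 10 ? mp + 3 : mp - 9;
    uint32_t y = yoe + era * 400 + (m <= 2 ? 1 : 0);

    snprintf(buf, sizeof buf, "%04u%02u%02uT%02u%02u%02u",
             (unsigned)y, (unsigned)m, (unsigned)d, (unsigned)(rem / 3600),
             (unsigned)(rem % 3600 / 60), (unsigned)(rem % 60));
    memcpy(out, buf, 15);
    out[15] = '\0';
}

/* How a signed 32-bit time_t would read the same 32 bits. */
int64_t as_signed32(uint32_t v)
{
    return v < 0x80000000u ? (int64_t)v : (int64_t)v - 4294967296LL;
}

/* Seconds by which the key's creation time exceeds the signature's, or 0
   if the key is not newer. Unsigned arithmetic, matching the unsigned
   32-bit timestamp the post describes for OpenPGP. */
uint32_t key_newer_by(uint32_t key_created, uint32_t sig_created)
{
    return key_created > sig_created ? key_created - sig_created : 0;
}

/* The same comparison on signed 32-bit values: it gives the wrong answer
   once one timestamp lies past the 2038 boundary. */
int key_newer_signed32(uint32_t key_created, uint32_t sig_created)
{
    return as_signed32(key_created) > as_signed32(sig_created);
}

int main(void)
{
    example_isotime_t a, b;
    /* Constructed timestamps straddling the 2038 boundary. */
    uint32_t sig = 0x7FFFFFF0u, key = 0x80000010u;

    epoch_to_isotime(sig, a);
    epoch_to_isotime(key, b);
    printf("sig %s  key %s\n", a, b);
    /* Fixed-width ISO strings sort chronologically under strcmp(). */
    printf("strcmp(sig, key) < 0: %d\n", strcmp(a, b) < 0);
    printf("unsigned: key newer by %u s\n", (unsigned)key_newer_by(key, sig));
    printf("signed32: key newer? %d (a 32-bit time_t reads %lld)\n",
           key_newer_signed32(key, sig), (long long)as_signed32(key));
    return 0;
}
```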




rjh at sixdemonbag

Aug 13, 2008, 12:25 AM

Post #13 of 14 (239 views)
Re: public newer than the signature [In reply to]

Faramir wrote:
> Well... just an example: some time ago, the Open Document Format

The ODF-OOXML debate really has very little to do with date and time
standards. If there was an obviously correct way of doing things, both
document formats would support it.

The problem tends to be this: how do you define "time", and how ought it
be incremented? If you ask a person in the street how long a year is,
they'll say 365 days. If they're bright, they'll say 365 and a quarter.
But the reality is leap years only apply in years evenly divisible by
four and _not_ divisible by 25, with the exception of years evenly
divisible by 400. (No, I'm not kidding. This is why 2000 was a leap
year, but 1900 wasn't.)

And then we get into the question of leap seconds. Where should they be
placed? How should they be accounted for?

That's not even addressing questions like how to make a calendar that
caters to our Gregorian calendar, but can also handle the Jewish and
Islamic calendars, which are defined not in terms of absolute units of
time but in terms of astronomical events.

E.g., in the Gregorian calendar it's pretty easy to tell whether a date
falls on the weekend. In the Jewish calendar, the Sabbath begins at
sundown on what the Gregorian calendar would call Friday and continues
until the appearance of three stars in the sky on Saturday night (!).
Hence, dates in the Jewish calendar depend not only on your latitude and
season, but also on local weather conditions and light pollution.

(Anyone who says "... well, yeah, but that's an obviously crazy calendar
standard, so we shouldn't care about it" will be roundly thwacked.
Given how crazy the Gregorian calendar has occasionally been, including
downright _missing a couple of weeks_ once, the Gregorian calendar does
not exactly have much room to criticize.)

=====

On top of that, there are technical issues. If you're just tracking
seconds since an arbitrary point in time, how do you increment this
clock to adjust for leap seconds? Do you actually increment the clock,
or do you make a note somewhere "the actual time is now offset by a leap
second; the amount of time since Epoch hasn't really changed, though"?

What range of values can the since-Epoch value hold? Most UNIXes hold
it as a 32-bit signed integer, meaning January 1 2038 we're going to see
a lot of legacy applications crash. We could switch it to a 64-bit
value, but this is kind of contentious for various reasons (mostly, IMO,
personal prejudice masquerading as technical objections).

What about applications that need to keep rigorous track of time? For
instance, the UNIX seconds-since-Epoch date/time format is pretty poorly
suited for our modern environment, where GPS satellites need nanosecond
accuracy, and relativistic effects have to be considered for essentially
all satellite communications.

=====

Seconds since Epoch is just a bad date/time format, there's no two ways
about it. But then again, _all_ the date/time formats are bad. What
seconds-since-Epoch has going for it is that it's dead simple and
everyone understands it. Those are two of its strengths, and for that
reason it's not going away anytime soon.

... And on this note, I'm going to stop rambling on this increasingly
off-topic subject. Hopefully this is a good overview of why programmers
hate all the date/time formats out there, and just how tough it is to do
it right. :)



mwood at IUPUI

Aug 13, 2008, 6:39 AM

Post #14 of 14 (238 views)
Re: public newer than the signature [In reply to]

On Tue, Aug 12, 2008 at 06:43:49PM -0500, Andrew Berg wrote:
> Time for computers is generally just the number of seconds since January 1,
> 1970 at 12:00:00 UTC if I'm not mistaken. Date formats are derived from that
> and displayed according to the user's preference.

Would that it were that simple. The epoch (time 0) means different
times in different OSes. Unix uses the above, Microsoft products use
another, VMS system time is the quadword number of nanoseconds since
some time on some date in (IIRC) November, 1858 (associated with some
astronomical catalog), etc. SQL has its own ideas about how to
measure time regardless what your OS believes. Even on the same OS
you may find different sets of functions that work with different
representations and may even use different epochs.

It's a valid point that how the machine counts time and how various
programs represent time as text are two different matters, and that
typically the OS presents time in a form that makes arithmetic easy
and the userspace program is responsible for making it comprehensible
to humans.

Time is a mess, dates doubly so. That's why I usually write something
like either 13-Aug-2008 or 20080813T093730 even if it does make people
stop and think.

--
Mark H. Wood, Lead System Programmer mwood[at]IUPUI.Edu
Typically when a software vendor says that a product is "intuitive" he
means the exact opposite.
