), the signature creation time is in UTC.
of seconds elapsed since midnight, 1 January 1970 UTC.
The time the signature was made.
> On 11 Feb 2019, at 19:29, Sandra Murphy <
sandy@tislabs.com> wrote:
>
> I’m surprised at the question. I don’t know PGP/GPG all that well, but I checked and the IETF standard for X-509 certificates (RFC5280) requires CAs to use UTC in the signature time fields, and CMS (RFC5682) requires UTC in the SigningTime (in both cases, up to the year 2049).
>
> Does this become an issue because the signatures in the RIPE database are doing something different?
>
> —Sandy
>
>
>> On Feb 11, 2019, at 11:41 AM, Edward Shryane via db-wg <
db-wg@ripe.net> wrote:
>>
>> Hi Denis,
>>
>>> On 11 Feb 2019, at 16:53, denis walker <
ripedenis@yahoo.co.uk> wrote:
>>>
>>> Hi Ed
>>>
>>> Thanks for following up on this. Just one question, have you taken into account time zones? If an update is signed now in Dubai it is 19:51. If the update is processed on Amsterdam time, it is 16:51. Will this update fail because it is 3 hours in the future?
>>>
>>> cheers
>>> denis
>>> co-chair DB-WG
>>>
>>
>> Good question. We rely on the Bouncy Castle cryptography library to provide the signing time for the message, and it does appear to take the timezone into account.
>>
>> I tested by signing a message inside a virtual machine set to a different timezone (EST), and the signature creation time was correctly mapped to the local timezone (within a minute rather than hours).
>>
>> The signed updates in production appear to confirm this - only 24 messages were more than 1 hour old, out of 118,183 (from October to December 2018), and none of these appeared to be offset by a multiple of hours.
>>
>> Regards
>> Ed
>>
>