Project

General

Profile

Actions
Copy link

Bug #5280

open

ValidityPeriod.NotAfter=99991231T235959 truncated

Added by Junxiao Shi 9 months ago. Updated 9 months ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:

Description

The following command imports a SafeBag that contains a certificate whose ValidityPeriod.NotAfter is set to "99991231T235959" i.e. 9999-12-31 23:59:59 UTC, which is a valid ISO8601 timestamp and also satisfies the ABNF definition for this field.
However, ndn-cxx truncates this field to be 2262-04-11 23:47:16 UTC.
This truncation is a result of the simple solution to Bug #5176, which enables the certificate to be treated as valid within the next two centuries, but it was not a perfect solution.

$ echo 'gP0CEAb9ARsHIggBUwgDS0VZJAgABceDW8GxaAgEc2VsZiMIAAABesFfK3MUCRgBAhkEADbugBVbMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEw++PLgtFQLGDKYIPB8Qw6+e50TuT1zZRzamZmSdhD7NknRvNsaNXP/noEs+S0s35ddmgN5tp4Cvd4vIX6QyJ9BZDGwEDHBQHEggBUwgDS0VZJAgABceDW8GxaP0A/Sb9AP4PMTk4NzAyMTJUMDYzMDAw/QD/Dzk5OTkxMjMxVDIzNTk1ORdIMEYCIQD1JU+Kmeut3zUZ8BWcLhrXf4geN+lKENKB7pI5SI9OZgIhAOUV/J3Nlso7ypNUtb3Ovcg9H3BNpQvn0DcBSZnFgl/Rge8wgewwVwYJKoZIhvcNAQUNMEowKQYJKoZIhvcNAQUMMBwECKo+z3zz2Q1uAgIIADAMBggqhkiG9w0CCQUAMB0GCWCGSAFlAwQBKgQQXf/OKYBrL3NND7Asv2j4xASBkGF2pObyOD8j9fW5b18wbXCyy9wblt+iBV0DgIa5TszztU0XyK7A4uybuY+J6Ud7Izfy1h0Ww1cqfnOJLLcG/vo8tcqjNfEeKYjbOW3A0cQSqwf5uPRueCA8qURHjCawoYaV7yvxpDbKLCLdMwQhdsok3t70EWtpsp1Yoc/1/eiC2Rc8o1euT1apDC7LItnFpA==' | ndnsec import -P 9c570742-82ed-41a8-a370-8e0c8806e5e4 -
$ NDN_NAME_ALT_URI=0 ndnsec cert-dump -pi /S
Certificate Name:
  /8=S/8=KEY/36=%00%05%C7%83%5B%C1%B1h/8=self/35=%00%00%01z%C1_%2Bs
Public Key:
  Key Type: 256-bit EC
  MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEw++PLgtFQLGDKYIPB8Qw6+e50TuT
  1zZRzamZmSdhD7NknRvNsaNXP/noEs+S0s35ddmgN5tp4Cvd4vIX6QyJ9A==
Validity:
  Not Before: 1987-02-12T06:30:00
  Not After: 2262-04-11T23:47:16
Signature Information:
  Signature Type: SignatureSha256WithEcdsa
  Key Locator: Name=/8=S/8=KEY/36=%00%05%C7%83%5B%C1%B1h
  Self-Signed: yes

Related issues 1 (0 open1 closed)

Related to ndn-cxx - Bug #5176: ValidityPeriod.NotAfter=99991231T235959 misinterpretedClosedJunxiao Shi

Actions
Actions
Copy link
 #1

Updated by Junxiao Shi 9 months ago

  • Related to Bug #5176: ValidityPeriod.NotAfter=99991231T235959 misinterpreted added
Actions
Copy link
 #2

Updated by Davide Pesavento 9 months ago

  • Subject changed from ValidityPeriod.NotAfter=99991231T235959 truncated to ValidityPeriod.NotAfter=99991231T235959 truncated
  • Category set to Security

You didn't have to open another issue, but whatever...

A potential solution is mentioned in https://redmine.named-data.net/issues/5176#note-7

Actions
Copy link

Also available in: Atom PDF