Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Creation Time and Expiration Time do not allow for clock skew #1187

Closed
richanna opened this issue May 25, 2020 · 1 comment · Fixed by #1235
Closed

Creation Time and Expiration Time do not allow for clock skew #1187

richanna opened this issue May 25, 2020 · 1 comment · Fixed by #1235
Labels
signatures

Comments

@richanna
Copy link
Contributor

The processing instructions for Creation Time and Expiration Time imply that verifiers are not permitted to account for clock skew during signature verification.
@ioggstream
Copy link
Contributor

This can safely be fixed adding a nbf-like claim, so that the signer remains in control of the signature validity. This is especially important if the signature is created with the signer's private key.

imho this kind of document should not define a clock-skew tolerance threshold, and implementors shoud be suggested to fix their clocks.

There may be corner cases (eg. IoT/disconnected devices ) that we should address properly

@richanna richanna mentioned this issue Jul 24, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
signatures
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Incorporating WG feedback richanna/http-extensions
3 participants
@mnot @ioggstream @richanna