You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by "Stefano Bagnara (JIRA)" <ji...@apache.org> on 2010/06/09 00:12:13 UTC
[jira] Resolved: (JDKIM-15) Support timestamp (t=) attribute in
signature
[ https://issues.apache.org/jira/browse/JDKIM-15?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stefano Bagnara resolved JDKIM-15.
----------------------------------
Resolution: Fixed
In the signer If a signature template includes an empty "t=;" value now the signature is automatically filled with the current timestamp.
In the verifier if a signature include a t= parameter with a value in the future then the signature is ignored. (the specs say we "MAY" ignore: I don't see much value in making this configurable)
> Support timestamp (t=) attribute in signature
> ---------------------------------------------
>
> Key: JDKIM-15
> URL: https://issues.apache.org/jira/browse/JDKIM-15
> Project: JAMES jDKIM
> Issue Type: Improvement
> Components: library
> Affects Versions: 0.2
> Reporter: Stefano Bagnara
> Assignee: Stefano Bagnara
> Fix For: 0.2
>
>
> t=
> Signature Timestamp (plain-text unsigned decimal integer; RECOMMENDED, default is an unknown creation time). The time that this signature was created. The format is the number of seconds since 00:00:00 on January 1, 1970 in the UTC time zone. The value is expressed as an unsigned integer in decimal ASCII. This value is not constrained to fit into a 31- or 32-bit integer. Implementations SHOULD be prepared to handle values up to at least 10^12 (until approximately AD 200,000; this fits into 40 bits). To avoid denial-of-service attacks, implementations MAY consider any value longer than 12 digits to be infinite. Leap seconds are not counted. Implementations MAY ignore signatures that have a timestamp in the future.
> ABNF:
> sig-t-tag = %x74 [FWS] "=" [FWS] 1*12DIGIT
> If the input signature has "t=;" then we could add the current timestamp, otherwise we should leave everything as is.
> While verifying a signature with a t= parameter we should "ignore" signatures with a date in the future.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org