Network Working Group R. Housley
Request for Comments: 4049 Vigil Security
Category: Experimental April 2005
Network Working Group R. Housley
Request for Comments: 4049 Vigil Security
Category: Experimental April 2005
BinaryTime: An Alternate Format for Representing Date and Time in ASN.1
BinaryTime:在ASN.1中表示日期和时间的另一种格式
Status of This Memo
关于下段备忘
This memo defines an Experimental Protocol for the Internet community. It does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested. Distribution of this memo is unlimited.
这份备忘录为互联网社区定义了一个实验性协议。它没有规定任何类型的互联网标准。要求进行讨论并提出改进建议。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2005).
版权所有(C)互联网协会(2005年)。
Abstract
摘要
This document specifies a new ASN.1 type for representing time: BinaryTime. This document also specifies an alternate to the signing-time attribute for use with the Cryptographic Message Syntax (CMS) SignedData and AuthenticatedData content types; the binary-signing-time attribute uses BinaryTime. CMS and the signing-time attribute are defined in RFC 3852.
本文档指定了一种新的ASN.1类型来表示时间:BinaryTime。本文档还指定了用于加密消息语法(CMS)SignedData和AuthenticatedData内容类型的签名时间属性的替代项;二进制签名时间属性使用BinaryTime。CMS和签名时间属性在RFC 3852中定义。
This document specifies a new ASN.1 [ASN1] type for representing time: BinaryTime. This ASN.1 type can be used to represent date and time values.
本文档指定了一种新的ASN.1[ASN1]类型来表示时间:BinaryTime。此ASN.1类型可用于表示日期和时间值。
This document also specifies an alternative to the signing-time attribute used with the Cryptographic Message Syntax (CMS) [CMS] SignedData and AuthenticatedData content types, allowing the BinaryTime type to be used instead of the traditional UTCTime and GeneralizedTime types.
本文档还指定了与加密消息语法(CMS)[CMS]SignedData和AuthenticatedData内容类型一起使用的签名时间属性的替代方法,允许使用BinaryTime类型代替传统的UTCTime和GeneralizedTime类型。
Many operating systems represent date and time as an integer. This document specifies an ASN.1 type for representing date and time in a manner that is also an integer. Although some conversion may be necessary due to the selection of a different epoch or a different granularity, an integer representation has several advantages over the UTCTime and GeneralizedTime types.
许多操作系统将日期和时间表示为整数。本文档指定了ASN.1类型,用于以整数的方式表示日期和时间。尽管由于选择了不同的历元或不同的粒度,可能需要进行一些转换,但整数表示与UTCTime和GeneratedTime类型相比有几个优点。
First, a BinaryTime value is smaller than either a UTCTime or a GeneralizedTime value.
首先,BinaryTime值小于UTCTime或GeneralizedTime值。
Second, in some operating systems, the value can be used with little or no conversion. Conversion, when it is needed, requires only straightforward computation. If the endian ordering is different from the ASN.1 representation of an INTEGER, then straightforward manipulation is needed to obtain an equivalent integer value. If the epoch is different than the one chosen for BinaryTime, addition or subtraction is needed to compensate. If the granularity is something other than seconds, then multiplication or division is needed to compensate. Also, padding may be needed to convert the variable-length ASN.1 encoding of INTEGER to a fixed-length value used in the operating system.
第二,在某些操作系统中,可以使用该值而很少或根本不进行转换。当需要转换时,只需要简单的计算。如果endian排序不同于整数的ASN.1表示,则需要直接操作以获得等效的整数值。如果历元不同于为二进制时间选择的历元,则需要进行加法或减法补偿。如果粒度不是秒,则需要乘法或除法进行补偿。此外,可能需要填充来将整数的可变长度ASN.1编码转换为操作系统中使用的固定长度值。
Third, date comparison is very easy with BinaryTime. Integer comparison is easy, even when multi-precision integers are involved. Date comparison with UTCTime or GeneralizedTime can be complex when the two values to be compared are provided in different time zones.
第三,使用二进制时间进行日期比较非常容易。即使涉及多精度整数,整数比较也很容易。当要比较的两个值在不同的时区中提供时,使用UTCTime或GeneratedTime进行日期比较可能会很复杂。
This is a rare instance which both memory and processor cycles can be saved.
这是一个罕见的既可以节省内存又可以节省处理器周期的实例。
The signing-time attribute is defined in [CMS]. The alternative binary-signing-time attribute is defined in this document in order to obtain the benefits of the BinaryTime type.
签名时间属性在[CMS]中定义。本文档中定义了可选的二进制签名时间属性,以获得BinaryTime类型的好处。
In this document, the key words MUST, MUST NOT, REQUIRED, SHOULD, SHOULD NOT, RECOMMENDED, MAY, and OPTIONAL are to be interpreted as described in [STDWORDS].
在本文件中,关键字“必须”、“不得”、“必需”、“应当”、“不应当”、“建议”、“可以”和“可选”应按照[STDOWORDS]中的说明进行解释。
The BinaryTime ASN.1 type is used to represent an absolute time and date. A positive integer value is used to represent time values based on coordinated universal time (UTC), which is also called Greenwich Mean Time (GMT) and ZULU clock time.
BinaryTime ASN.1类型用于表示绝对时间和日期。正整数值用于表示基于协调世界时(UTC)的时间值,协调世界时也称为格林威治标准时间(GMT)和祖鲁时钟时间。
The syntax for BinaryTime is:
BinaryTime的语法为:
BinaryTime ::= INTEGER (0..MAX)
BinaryTime ::= INTEGER (0..MAX)
The integer value is the number of seconds, excluding leap seconds, after midnight UTC, January 1, 1970. This time format cannot represent time values prior to January 1, 1970. The latest UTC time value that can be represented by a four-octet integer value is 03:14:07 on January 19, 2038, which is represented by the hexadecimal value 7FFFFFFF. Time values beyond 03:14:07 on January 19, 2038, are represented by integer values that are longer than four octets, and a five-octet integer value is sufficient to represent dates covering the next seventeen millennia.
整数值是UTC(1970年1月1日)午夜后的秒数,不包括闰秒。此时间格式不能表示1970年1月1日之前的时间值。可由四个八位整数表示的最新UTC时间值为2038年1月19日03:14:07,由十六进制值7FFFFF表示。2038年1月19日03:14:07之后的时间值由大于四个八位字节的整数值表示,五个八位字节的整数值足以表示下一个17000年的日期。
This specification uses a variable-length encoding of INTEGER. This permits any time value after midnight UTC, January 1, 1970, to be represented.
此规范使用整数的可变长度编码。这允许表示1970年1月1日UTC午夜之后的任何时间值。
When encoding an integer value that consists of more than one octet, which includes almost all the time values of interest, the bits of the first octet and bit 8 of the second octet MUST NOT all be ones or all zeros. This rule ensures that an integer value is always encoded in the smallest possible number of octets. However, it means that implementations cannot assume a fixed length for the integer value.
当编码一个由多个八位组组成的整数值时,其中包括几乎所有感兴趣的时间值,第一个八位组的位和第二个八位组的位8不得全部为1或全部为零。此规则确保整数值始终以尽可能小的八位字节数编码。但是,这意味着实现不能假定整数值的固定长度。
The binary-signing-time attribute type specifies the time at which the signer (purportedly) performed the signing process. The binary-signing-time attribute type is intended for use in the CMS SignedData content type; however, the attribute can also be used with the AuthenticatedData content type.
二进制签名时间属性类型指定签名者(据称)执行签名过程的时间。二进制签名时间属性类型用于CMS SignedData内容类型;但是,该属性也可以与AuthenticatedData内容类型一起使用。
The binary-signing-time attribute MUST be a signed attribute or an authenticated attribute; it MUST NOT be an unsigned attribute, unauthenticated attribute, or unprotected attribute.
二进制签名时间属性必须是已签名属性或已验证属性;它不能是未签名的属性、未经身份验证的属性或未受保护的属性。
The following object identifier identifies the binary-signing-time attribute:
以下对象标识符标识二进制签名时间属性:
id-aa-binarySigningTime OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) aa(2) 46 }
id-aa-binarySigningTime OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) aa(2) 46 }
The binary-signing-time attribute values have ASN.1 type BinarySigningTime:
二进制签名时间属性值具有ASN.1类型BinarySigningTime:
BinarySigningTime ::= BinaryTime
BinarySigningTime ::= BinaryTime
In [CMS], the SignedAttributes syntax and the AuthAttributes syntax are each defined as a SET OF Attributes. However, the binary-signing-time attribute MUST have a single attribute value, even though the syntax is defined as a SET OF AttributeValue. There MUST NOT be zero or multiple instances of AttributeValue present.
在[CMS]中,SignedAttribute语法和AuthAttributes语法都定义为一组属性。但是,二进制签名时间属性必须具有单个属性值,即使语法定义为一组AttributeValue。AttributeValue的实例不能为零或多个。
The SignedAttributes contained in the signerInfo structure within SignedData MUST NOT include multiple instances of the binary-signing-time attribute. Similarly, the AuthAttributes in an AuthenticatedData MUST NOT include multiple instances of the binary-signing-time attribute.
SignedData中signerInfo结构中包含的SignedAttribute不能包含二进制签名时间属性的多个实例。类似地,AuthenticatedData中的AuthAttributes不得包含二进制签名时间属性的多个实例。
No requirement is imposed concerning the correctness of the signing time itself, and acceptance of a purported signing time is a matter of a recipient's discretion. It is expected, however, that some signers, such as time-stamp servers, will be trusted implicitly.
没有对签字时间本身的正确性提出任何要求,接受所谓的签字时间是接收人的自由裁量权。但是,预计某些签名者(如时间戳服务器)将受到隐式信任。
This section provides normative and informative references.
本节提供了规范性和信息性参考。
[ASN1] CCITT. Recommendation X.208: Specification of Abstract Syntax Notation One (ASN.1). 1988.
[ASN1]CCITT。建议X.208:抽象语法符号1(ASN.1)的规范。1988
[CMS] Housley, R., "Cryptographic Message Syntax (CMS)", RFC 3852, July 2004.
[CMS]Housley,R.,“加密消息语法(CMS)”,RFC 38522004年7月。
[STDWORDS] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[STDWORDS]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[TSP] Adams, C., Cain, P., Pinkas, D., and R. Zuccherato, "Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)", RFC 3161, August 2001.
[TSP]Adams,C.,Cain,P.,Pinkas,D.,和R.Zuccherato,“互联网X.509公钥基础设施时间戳协议(TSP)”,RFC 31612001年8月。
Use of the binary-signing-time attribute does not necessarily provide confidence in the time when the signature value was produced. Therefore, acceptance of a purported signing time is a matter of a recipient's discretion. RFC 3161 [TSP] specifies a protocol for obtaining time stamps from a trusted entity.
使用二进制签名时间属性不一定能提供生成签名值的时间的置信度。因此,接受所谓的签署时间是接收人的自由裁量权。RFC 3161[TSP]指定了一种从受信任实体获取时间戳的协议。
The original signing-time attribute defined in [CMS] has the same semantics as the binary-signing-time attribute specified in this document. Therefore, only one of these attributes SHOULD be present in the signedAttrs of a SignerInfo object or in the authAttrs of an AuthenticatedData object. However, if both of these attributes are present, they MUST provide the same date and time.
[CMS]中定义的原始签名时间属性与本文档中指定的二进制签名时间属性具有相同的语义。因此,SignerInfo对象的SignedAttr或AuthenticatedData对象的AuthAttr中只应存在其中一个属性。但是,如果这两个属性都存在,则它们必须提供相同的日期和时间。
Appendix A: ASN.1 Module
附录A:ASN.1模块
The ASN.1 module contained in this appendix defines the structures that are needed to implement this specification. It is expected to be used in conjunction with the ASN.1 modules in [CMS].
本附录中包含的ASN.1模块定义了实施本规范所需的结构。预计它将与[CMS]中的ASN.1模块一起使用。
BinarySigningTimeModule
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) smime(16) modules(0) 27 }
BinarySigningTimeModule
{ iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1)
pkcs-9(9) smime(16) modules(0) 27 }
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
DEFINITIONS IMPLICIT TAGS ::=
BEGIN
-- BinaryTime Definition
--二进制时间定义
BinaryTime ::= INTEGER (0..MAX)
BinaryTime ::= INTEGER (0..MAX)
-- Signing Binary Time Attribute
--签名二进制时间属性
id-aa-binarySigningTime OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) aa(2) 46 }
id-aa-binarySigningTime OBJECT IDENTIFIER ::= { iso(1)
member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs9(9)
smime(16) aa(2) 46 }
BinarySigningTime ::= BinaryTime
BinarySigningTime ::= BinaryTime
END
终止
Author's Address
作者地址
Russell Housley Vigil Security, LLC 918 Spring Knoll Drive Herndon, VA 20170 USA
Russell Housley Vigil Security,LLC 918 Spring Knoll Drive Herndon,弗吉尼亚州,邮编20170
EMail: housley@vigilsec.com
EMail: housley@vigilsec.com
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (2005).
版权所有(C)互联网协会(2005年)。
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件及其包含的信息是按“原样”提供的,贡献者、他/她所代表或赞助的组织(如有)、互联网协会和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Intellectual Property
知识产权
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。