james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Stefano Bagnara (JIRA)" <j...@apache.org>
Subject [jira] Resolved: (JDKIM-15) Support timestamp (t=) attribute in signature
Date Tue, 08 Jun 2010 22:12:13 GMT

     [ https://issues.apache.org/jira/browse/JDKIM-15?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Stefano Bagnara resolved JDKIM-15.

    Resolution: Fixed

In the signer If a signature template includes an empty "t=;" value now the signature is automatically
filled with the current timestamp.

In the verifier if a signature include a t= parameter with a value in the future then the
signature is ignored. (the specs say we "MAY" ignore: I don't see much value in making this

> Support timestamp (t=) attribute in signature
> ---------------------------------------------
>                 Key: JDKIM-15
>                 URL: https://issues.apache.org/jira/browse/JDKIM-15
>             Project: JAMES jDKIM
>          Issue Type: Improvement
>          Components: library
>    Affects Versions: 0.2
>            Reporter: Stefano Bagnara
>            Assignee: Stefano Bagnara
>             Fix For: 0.2
> t=
>     Signature Timestamp (plain-text unsigned decimal integer; RECOMMENDED, default is
an unknown creation time). The time that this signature was created. The format is the number
of seconds since 00:00:00 on January 1, 1970 in the UTC time zone. The value is expressed
as an unsigned integer in decimal ASCII. This value is not constrained to fit into a 31- or
32-bit integer. Implementations SHOULD be prepared to handle values up to at least 10^12 (until
approximately AD 200,000; this fits into 40 bits). To avoid denial-of-service attacks, implementations
MAY consider any value longer than 12 digits to be infinite. Leap seconds are not counted.
Implementations MAY ignore signatures that have a timestamp in the future.
>     ABNF:
>             sig-t-tag    = %x74 [FWS] "=" [FWS] 1*12DIGIT
> If the input signature has "t=;" then we could add the current timestamp, otherwise we
should leave everything as is.
> While verifying a signature with a t= parameter we should "ignore" signatures with a
date in the future.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org

View raw message