In Chrome, the current time is compared directly to the value of the notAfter timestamp, treating notAfter as an instant. The answer would be "not valid".
In Mozilla::PKIX, the current time is compared directly to the value of the notAfter timestamp, but the current time is also truncated to the granularity of one second (the `mozilla::pkix::Time` class is only capable of one-second resolution). The answer would be "valid".I have yet to find a single implementation which computes a "validity period" by subtracting the notBefore timestamp from the notAfter timestamp and then adding one additional second to include the entirety of the notAfter's second.
On Wed, Jun 9, 2021 at 8:28 PM Aaron Gable <aa...@letsencrypt.org> wrote:In Chrome, the current time is compared directly to the value of the notAfter timestamp, treating notAfter as an instant. The answer would be "not valid".This is the wrong code. That's just for some UI dressing and... is very old code :)The relevant code is here - https://source.chromium.org/chromium/chromium/src/+/main:net/cert/internal/verify_certificate_chain.cc;l=107-111;drc=c06511a314747fab345af58b8523eec1b36caf05 - and the answer is consistent with mozilla::pkix - aka "valid".I explained a bit
>But it is not immediately clear what should happen in the first hypothetical
>case, where some fraction of a second has elapsed since the beginning of the
>second indicated by the notAfter timestamp.
This looks like a standard accuracy vs. precision situation. In this case
since the time in the certificate must be truncated to seconds, the time used
for the comparison should also be truncated to seconds.
Peter.
>Why is the precision of 1s that important?
Because of things like this:
https://bugzilla.mozilla.org/show_bug.cgi?id=1715455
Let's Encrypt: certificate lifetimes 90 days plus one second
When you're playing compliance bingo, it's very important to pay attention to
every little detail. In particular running around to make sure every mouse
hole in the barn is patched distracts from the fact that one of the barn walls
is missing.
Peter.
We're really talking about 2 related issues: What is the interval
(or period), and when does the certificate expire.
RFC 5280 talks about an interval and period. An interval would be
something like "1 second" or "1 day", but it gets represented by 2
timestamps. The most natural way to calculate the interval from
those 2 timestamps is the difference between them, so 10:00:01 -
10:00:00 would be 1 second. There are people who argue
that the text in RFC 5280 says that that is actually a 2 second
interval, which I don't agree with.
When you're playing compliance bingo, it's very important to pay attention to
every little detail. In particular running around to make sure every mouse
hole in the barn is patched distracts from the fact that one of the barn walls
is missing.
RFC5280 only allows a resolution of seconds.
OpenSSL uses a time_t, which also has a resolution of seconds. I
assume most other implementations also have a resolution of 1
second.
Unambiguously, it seems we all agree that yes, it is minimally valid at exactly 20210601000000 - that is, it’s valid until the first instant *after* the notAfter. Hopefully that is not in question.
Now, how would a CA express a notAfter of 00:00:00.51?
Expired. Common usage in English is that any parts of a time not specified
are implied to be 0. "The assignment deadline is 2pm Thursday" does not
ordinarily imply that submissions will be accepted at 2:59pm.
>Can you clarify which barn wall you feel is missing?
In commercial PKI? How much time do you have?
(The previous message was a generic tongue-in-cheek comment, not meant to be a
starter for any further discussion).
Peter.
If truncating the current time prior to comparison is the correct approach, then that should be standardized. If adding the entirety of the trailing second to the validity period is required, then that should be standardized. Neither of these is the case.
(The previous message was a generic tongue-in-cheek comment, not meant to be a
starter for any further discussion).
With respect to incident management, these latter two points are the most concerning parts of the Let's Encrypt incident, independent of any interpretation issues, and thus cannot be dismissed or addressed by referencing this thread or any disagreements with the interpretation. To be clear, I'm not trying to accuse you of doing so, but wanting to make sure there's alignment on understanding the concerns here for the inter-relationship between the thread and the bug, particularly for the newer participants (welcome!).