| author | Phil Pennock <pdp@exim.org> | 2012-07-12 15:42:08 -0700 |
|---|---|---|
| committer | Phil Pennock <pdp@exim.org> | 2012-07-12 15:42:08 -0700 |
| commit | 1dec42400b8243809625f0e18e0aa626ee708e16 (patch) | |
| tree | 6823da095d3ec4d680b05f87544f2bb13ce79a2b | |
| parent | c1c469dbe99c0521df4dff0eb057622416886fae (diff) | |
Doc note re 9999 days & 32bit time (SSL certs)
Thanks to Jay Rouman for highlighting that there can be rollover.
I have chosen *not* to reduce the duration, but to leave it and instead
provoke thought on the part of those deploying systems, if this bites them.
| -rw-r--r-- | doc/doc-docbook/spec.xfpt | 18 |
| -rw-r--r-- | src/ACKNOWLEDGMENTS | 1 |

2 files changed, 19 insertions, 0 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 579c112c9..140d8f993 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -25866,6 +25866,8 @@ install if the receiving end is a client MUA that can interact with a user. .cindex "certificate" "self-signed" You can create a self-signed certificate using the &'req'& command provided with OpenSSL, like this: +. ==== Do not shorten the duration here without reading and considering +. ==== the text below. Please leave it at 9999 days. .code openssl req -x509 -newkey rsa:1024 -keyout file1 -out file2 \ -days 9999 -nodes 
@@ -25878,6 +25880,22 @@ that you are prompted for, and any use that is made of the key causes more prompting for the passphrase. This is not helpful if you are going to use this certificate and key in an MTA, where prompting is not possible. +. ==== I expect to still be working 26 years from now. The less technical +. ==== debt I create, in terms of storing up trouble for my later years, the +. ==== happier I will be then. We really have reached the point where we +. ==== should start, at the very least, provoking thought and making folks +. ==== pause before proceeding, instead of leaving all the fixes until two +. ==== years before 2^31 seconds after the 1970 Unix epoch. +. ==== -pdp, 2012 +NB: we are now past the point where 9999 days takes us past the 32-bit Unix +epoch. If your system uses unsigned time_t (most do) and is 32-bit, then +the above command might produce a date in the past. Think carefully about +the lifetime of the systems you're deploying, and either reduce the duration +of the certificate or reconsider your platform deployment. (At time of +writing, reducing the duration is the most likely choice, but the inexorable +progression of time takes us steadily towards an era where this will not +be a sensible resolution). + A self-signed certificate made in this way is sufficient for testing, and may be adequate for all your requirements if you are mainly interested in encrypting transfers, and not in secure identification. diff --git a/src/ACKNOWLEDGMENTS b/src/ACKNOWLEDGMENTS index 6af3db899..75f0268a8 100644 --- a/src/ACKNOWLEDGMENTS +++ b/src/ACKNOWLEDGMENTS 
@@ -427,6 +427,7 @@ Dan Rosenberg Security notification & patch for hardlink attack on sticky mail directory Security notification of race condition in MBX locking Jay Rouman Kept our copyright claim in the 21st century, not 11th + Drew attention to SSL docs and epoch issue on 32bit Heiko Schlittermann Patch making maildir_use_size_file expand Patch fixing maildir quota file races Patch fixing make parallelisation |
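Review bot: the new NB paragraph in the second spec.xfpt hunk says "If your system uses unsigned time_t (most do)", but the rollover the accompanying `. ====` comment describes is at 2^31 seconds after the 1970 epoch, which is the limit of a signed 32-bit time_t (an unsigned 32-bit time_t would not wrap until 2^32 seconds, in 2106), and signed time_t is the common case; suggest rewording to "If your system uses a signed 32-bit time_t (as most 32-bit systems do)". It would also help to say that a peer validating the certificate is affected as much as the host that generates it, since the notAfter date is parsed and compared on the verifying side too; as written, "the above command might produce a date in the past" reads as if only the generating system matters.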
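Review bot: the `. ==== Do not shorten the duration here ... Please leave it at 9999 days` comment in the first spec.xfpt hunk gives a future editor no reason, while the user-facing NB added in the next hunk says "reducing the duration is the most likely choice", so the two can read as contradicting each other; suggest the comment state in one line that the long duration is deliberately kept so that the 32-bit rollover text below is exercised and read, rather than only asking that it not be changed.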