Re: ClockDrift ?

From: SM <>
Date: Tue, 07 Aug 2012 11:30:52 -0700

At 11:15 07-08-2012, Benny Pedersen wrote:
>how can opendkim get 2 times on signing time ?

    t= Signature Timestamp (plain-text unsigned decimal integer;
       RECOMMENDED, default is an unknown creation time). The time that
       this signature was created. The format is the number of seconds
       since 00:00:00 on January 1, 1970 in the UTC time zone. The value
       is expressed as an unsigned integer in decimal ASCII. This value
       is not constrained to fit into a 31- or 32-bit integer.
       Implementations SHOULD be prepared to handle values up to at least
       10^12 (until approximately AD 200,000; this fits into 40 bits).
       To avoid denial-of-service attacks, implementations MAY consider
       any value longer than 12 digits to be infinite. Leap seconds are
       not counted. Implementations MAY ignore signatures that have a
       timestamp in the future.

The DKIM verifier compares its internal time with the "t=" tag. If
the time in "t=" is after the "internal time" you'll see that warning
in the Authentication-Results: header field. There is a ClockDrift
setting in OpenDKIM to make allowances for a small difference in time.

Received on Tue Aug 07 2012 - 18:31:26 PST

This archive was generated by hypermail 2.3.0 : Mon Oct 29 2012 - 23:20:42 PST