[tz] leap_second.list not updated after latest IERS Bulletin C
Martin Burnicki
martin.burnicki at meinberg.de
Mon Dec 18 11:49:01 UTC 2023
Brian Inglis via tz wrote:
[...]
> The hash code is computed over only the numeric data content comprised
> of delta TAI offsets and NTP timestamps including those for validity and
> expiry in flagged comments, so is unchanged.
>
> This hash could also do with being upgraded and augmented for backward
> compatibility by possibly detached sha2/sha3 sum and/or gpg2 signature.
IMO the file hash in the existing form is obsolete anyway.
At the time when the file format was introduced and the file was
downloaded via modem/serial lines, the hash could be used to verify the
integrity of the file, but it can't be used to prove the authenticity.
Everybody who wants to spoof leap second information can create a file
with the desired content and create a valid hash signature for his file.
Downloading the file via https instead of FTP increases trustworthiness,
but I agree that a gpg2 signature would be very useful to be check the
authenticity of the file.
On the other hand, the same is true for all data files that are
published by IERS and similar institutions.
Martin
--
Martin Burnicki
Senior Software Engineer
MEINBERG Funkuhren GmbH & Co. KG
Email: martin.burnicki at meinberg.de
Phone: +49 5281 9309-414
Linkedin: https://www.linkedin.com/in/martinburnicki/
Lange Wand 9, 31812 Bad Pyrmont, Germany
Amtsgericht Hannover 17HRA 100322
Geschäftsführer/Managing Directors: Günter Meinberg, Werner Meinberg,
Andre Hartmann, Heiko Gerstung
Websites: https://www.meinberg.de https://www.meinbergglobal.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://mm.icann.org/pipermail/tz/attachments/20231218/53cc9eb6/attachment.sig>
More information about the tz
mailing list