[tz] leap_second.list not updated after latest IERS Bulletin C

Martin Burnicki martin.burnicki at meinberg.de
Mon Dec 18 11:49:01 UTC 2023


Brian Inglis via tz wrote:
[...]
> The hash code is computed over only the numeric data content comprised 
> of delta TAI offsets and NTP timestamps including those for validity and 
> expiry in flagged comments, so is unchanged.
 >
> This hash could also do with being upgraded and augmented for backward 
> compatibility by possibly detached sha2/sha3 sum and/or gpg2 signature.

IMO the file hash in the existing form is obsolete anyway.

At the time when the file format was introduced and the file was 
downloaded via modem/serial lines, the hash could be used to verify the 
integrity of the file, but it can't be used to prove the authenticity.

Everybody who wants to spoof leap second information can create a file 
with the desired content and create a valid hash signature for his file.

Downloading the file via https instead of FTP increases trustworthiness, 
but I agree that a gpg2 signature would be very useful to be check the 
authenticity of the file.

On the other hand, the same is true for all data files that are 
published by IERS and similar institutions.

Martin
-- 
Martin Burnicki

Senior Software Engineer

MEINBERG Funkuhren GmbH & Co. KG
Email: martin.burnicki at meinberg.de
Phone: +49 5281 9309-414
Linkedin: https://www.linkedin.com/in/martinburnicki/

Lange Wand 9, 31812 Bad Pyrmont, Germany
Amtsgericht Hannover 17HRA 100322
Geschäftsführer/Managing Directors: Günter Meinberg, Werner Meinberg, 
Andre Hartmann, Heiko Gerstung
Websites: https://www.meinberg.de  https://www.meinbergglobal.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://mm.icann.org/pipermail/tz/attachments/20231218/53cc9eb6/attachment.sig>


More information about the tz mailing list