[tz] leap-seconds.list format

[Paul Eggert]

On 2/8/24 06:21, Martin Burnicki via tz wrote:

> https://kb.meinbergglobal.com/kb/time_sync/ntp/configuration/ntp_leap_second_file

Thanks, I installed the attached patch to refer to that page.

A few comments about its contents:

> For higher security the file should be signed using a public key certificate which can also be checked after the file has already been downloaded. However, this is currently not implemented

As per Internet RFC 6557 (2012) section 3, TZDB distributions are signed 
via a PGP signature. This signature is published in each distribution's 
announcement, so effectively you can obtain a signed leap-seconds.list 
from a TZDB distribution. This practice started in 2012e, in response to 
the RFC.

Also, TZDB releases have signed tags in the Github development 
repository; this is another way to verify leap-seconds.list

Admittedly neither of these techniques are the same as having the IERS 
sign the file, which would be preferable.


> The IETF website https://www.ietf.org/timezones/data/ used to provide the files extracted from the latest TZ DB distribution archive, but this no longer appears to be the case . 

Yes, I think that has been retired; Kim Davies could confirm that if he 
has the time.

One other link you might want to mention is:

https://raw.githubusercontent.com/eggert/tz/main/leap-seconds.list

This is the latest version of leap-seconds.list in the TZDB development 
repository. It is more up-to-date than 
<https://data.iana.org/time-zones/tzdb/leap-seconds.list>, though less 
up-to-date than the IERS primary copy. Github likely resists DDoS 
attacks better than the other sites; see 
<https://github.blog/2018-03-01-ddos-incident-report/>.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Cite-The-NTP-Leap-Second-File.patch
Type: text/x-patch
Size: 2492 bytes
Desc: not available
URL: <http://mm.icann.org/pipermail/tz/attachments/20240208/60afa181/attachment.bin>