[tz] leap-seconds.list format

brian.inglis at systematicsw.ab.ca brian.inglis at systematicsw.ab.ca
Sun Feb 11 00:22:18 UTC 2024


On 2024-02-09 18:26, Paul Eggert wrote:
> On 2024-02-09 14:20, brian.inglis--- via tz wrote:
>>> On 2/8/24 06:21, Martin Burnicki via tz wrote:
>>>> For higher security the file should be signed using a public key certificate 
>>>> ...
>>
>> You can check leap-seconds.list sha1
> 
> That SHA1 checksum merely checks for data corruption. Martin was asking for a 
> signature via a public key certificate. Such a signature also verifies that the 
> sender is not some random attacker; this is a stronger guarantee than a 
> checksum. This is why TZDB releases have signed tags on GitHub and why release 
> announcements contain the tarballs' PGP signatures.

I am aware of that, and was suggesting all we can do for now with the current 
distribution: using https:// as you suggested, sha1 check, and eyeball diff (-b) 
in case of site hacks.
I left the remainder of the post intact with information of useful additions.

I previously suggested to the folks at IERS they include an additional updated 
hash (#H?) or detached signature, when providing feedback on leap-second files 
issued with expiry dates earlier than the issue date of the next Bulletin C.

Currently document digital signature certs appear to be restricted to structured 
document types to which a digital signature subtype can be added e.g. PDF/*Office.
It appears that only a generic cert for hpiers.obspm.fr could be used to create 
a detached (armored) signature.

-- 
Take care. Thanks, Brian Inglis              Calgary, Alberta, Canada

La perfection est atteinte                   Perfection is achieved
non pas lorsqu'il n'y a plus rien à ajouter  not when there is no more to add
mais lorsqu'il n'y a plus rien à retirer     but when there is no more to cut
                                 -- Antoine de Saint-Exupéry
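
The SHA-1 check mentioned in this message, as an added example that is not part of the original post or of any IERS/NIST/tz tooling. It assumes the procedure described in the header comments of leap-seconds.list itself: the `#h` line holds SHA-1 over the digits of the `#$` and `#@` values plus each data line's first two fields, written as five hex words that may drop leading zeros. Function names and the sample file are constructed for illustration.

```python
import hashlib

DIGITS = "0123456789"

def leap_hash_input(text):
    """Digits covered by #h (assumed procedure): the #$ and #@ values,
    then each data line's NTP timestamp and TAI offset."""
    parts = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(("#$", "#@")):
            parts.extend(line[2:].split()[:1])
        elif line and not line.startswith("#"):
            parts.extend(line.split()[:2])   # trailing "# comment" is not hashed
    return "".join(c for c in "".join(parts) if c in DIGITS).encode("ascii")

def compute_words(text):
    """SHA-1 of the covered digits, split into five 8-hex-digit words."""
    digest = hashlib.sha1(leap_hash_input(text)).hexdigest()
    return [digest[i:i + 8] for i in range(0, 40, 8)]

def embedded_words(text):
    """Parse the #h line, restoring leading zeros dropped from each word."""
    for line in text.splitlines():
        if line.startswith("#h"):
            words = line[2:].split()
            if len(words) == 5 and all(len(w) <= 8 for w in words):
                return [w.lower().zfill(8) for w in words]
    return None

def verify(text):
    """True only if a well-formed #h line matches the recomputed hash."""
    stored = embedded_words(text)
    return stored is not None and stored == compute_words(text)

# Constructed sample in the file's layout; its #h line is generated here,
# with leading zeros stripped the way the published file may write them.
SAMPLE_BODY = (
    "#$\t 3676924800\n"
    "#@\t 3928521600\n"
    "2272060800\t10\t# 1 Jan 1972\n"
    "3692217600\t37\t# 1 Jan 2017\n"
)
SAMPLE = SAMPLE_BODY + "#h\t" + " ".join(
    w.lstrip("0") or "0" for w in compute_words(SAMPLE_BODY)) + "\n"

if __name__ == "__main__":
    print("hash ok" if verify(SAMPLE) else "hash MISMATCH")
```

A match only shows the covered digits are intact: comments are outside the hash, and anyone able to alter the file can recompute `#h`, which is why the thread also relies on https and a diff against the previous copy.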


