<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri",sans-serif;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="color:#222222">My team was recently made aware of a change in the time comparison<o:p></o:p></span></p>
<p class="MsoNormal" style="font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="color:#222222">logic in openssl to adhere to RFC5280 requirements . This change will be in<o:p></o:p></span></p>
<p class="MsoNormal" style="font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="color:#222222">the upcoming 1.0.2p and 1.1.0i releases. We’ve had discussions regarding<o:p></o:p></span></p>
<p class="MsoNormal" style="font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="color:#222222">the impact to legacy devices in the field and feel the change could be<o:p></o:p></span></p>
<p class="MsoNormal" style="font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="color:#222222">detrimental if enabled by default.<o:p></o:p></span></p>
<p class="MsoNormal" style="font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="color:#222222"> <o:p></o:p></span></p>
<p class="MsoNormal" style="font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="color:#222222">We've seen fractional time used in many cases, for example the IAIK<o:p></o:p></span></p>
<p class="MsoNormal" style="font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="color:#222222">crypto library generated fractional times for quite a while. I believe the<o:p></o:p></span></p>
<p class="MsoNormal" style="font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="color:#222222">issue with the IAIK library has been fixed, but products still have those certs<o:p></o:p></span></p>
<p class="MsoNormal" style="font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="color:#222222">embedded in them today.<o:p></o:p></span></p>
<p class="MsoNormal" style="font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="color:#222222"> <o:p></o:p></span></p>
<p class="MsoNormal" style="font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="color:#222222">In reading the discussion linked below it seems the only impetus for<o:p></o:p></span></p>
<p class="MsoNormal" style="font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="color:#222222">this change was to meet RFC5280, not that allowing fractional times<o:p></o:p></span></p>
<p class="MsoNormal" style="font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="color:#222222">was any specific vulnerability.<o:p></o:p></span></p>
<p class="MsoNormal" style="font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="color:#222222"> <o:p></o:p></span></p>
<p class="MsoNormal" style="font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="color:#222222"><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_issues_2620&d=DwMFAg&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=Lwc9LOtfM8pc8gkaABxWdUutvh8gwoL2KvhYe2d4y3Q&s=7DMTtQYOol3SGlQwP-5nyNTMX8ulbcaYRt5_PF8ol7g&e="><span style="color:#0563C1">https://github.com/openssl/openssl/issues/2620</span></a><o:p></o:p></span></p>
<p class="MsoNormal" style="font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="color:#222222"> <o:p></o:p></span></p>
<p class="MsoNormal" style="font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="color:#222222">Is there any option for this going forward, removal, compile-time<o:p></o:p></span></p>
<p class="MsoNormal" style="font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="color:#222222">enabled or part of the strict checks ?<o:p></o:p></span></p>
<p class="MsoNormal" style="font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="color:#222222"> <o:p></o:p></span></p>
<p class="MsoNormal" style="font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="color:#222222">Thanks !<o:p></o:p></span></p>
<p class="MsoNormal" style="font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="color:#222222"> <o:p></o:p></span></p>
<p class="MsoNormal" style="font-variant-ligatures: normal;font-variant-caps: normal;orphans: 2;text-align:start;widows: 2;-webkit-text-stroke-width: 0px;text-decoration-style: initial;text-decoration-color: initial;word-spacing:0px">
<span style="color:#222222">Barry Fussell<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<table class="MsoNormalTable" border="1" cellspacing="0" cellpadding="0" width="0" style="width:326.45pt;border:solid #CCCCCC 1.0pt">
<tbody>
<tr>
<td width="434" colspan="2" style="width:325.45pt;border:none;border-bottom:solid #CCCCCC 1.0pt;padding:0in 0in 0in 0in">
<p class="MsoNormal"><span style="font-family:"Times New Roman",serif"><img border="0" width="401" height="47" id="Picture_x0020_1" src="cid:image001.jpg@01D430A6.5A482950" alt="http://www.cisco.com/web/europe/images/email/signature/tomorrow_anthem_H.png"></span><o:p></o:p></p>
</td>
<td style="border:none;padding:0in 0in 0in 0in" width="1">
<p class="MsoNormal"> </p>
</td>
</tr>
<tr>
<td width="217" valign="top" style="width:162.55pt;border:none;padding:11.25pt 0in 11.25pt .25in">
<p class="MsoNormal"><b><span style="font-size:9.0pt">Barry Fussell</span></b><span style="font-size:9.0pt"><br>
Technical Leader<br>
Security & Trust Organization<br>
</span><a href="mailto:bfussell@cisco.com"><span style="font-size:9.0pt;color:#0563C1">bfussell@cisco.com</span></a><span style="font-size:9.0pt"><br>
Phone: <b>+1 919 392 2920</b><o:p></o:p></span></p>
</td>
<td width="217" valign="top" style="width:162.9pt;border:none;padding:11.25pt 0in 7.5pt 15.0pt">
<p class="MsoNormal"><b><span style="font-size:9.0pt">Cisco Systems, Inc.</span></b><span style="font-size:9.0pt"><br>
7025-2 Kit Creek Road<br>
Research Triangle Park, NC 27709<br>
United States<br>
</span><a href="http://www.cisco.com/"><span style="font-size:9.0pt;color:#0563C1">Cisco.com</span></a><span style="font-size:9.0pt"><o:p></o:p></span></p>
</td>
<td width="1" style="width:1.0pt;border:none;padding:0in 0in 0in 0in"></td>
</tr>
<tr style="height:3.0pt">
<td width="434" colspan="2" style="width:325.45pt;border:none;padding:0in 0in 0in 0in;height:3.0pt">
</td>
<td style="border:none;padding:0in 0in 0in 0in" width="1">
<p class="MsoNormal"> </p>
</td>
</tr>
<tr>
<td width="434" colspan="2" style="width:325.45pt;border:none;border-top:solid #CCCCCC 1.0pt;padding:3.75pt 15.0pt 3.75pt .25in">
<p class="MsoNormal"><span style="font-size:6.0pt"><img border="0" width="19" height="19" id="Picture_x0020_2" src="cid:image002.jpg@01D430A6.5A482950" alt="http://www.cisco.com/assets/swa/img/thinkbeforeyouprint.gif">Think before you print.</span><span style="font-size:6.0pt"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:6.0pt">This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended
 recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:6.0pt">Please </span><a href="http://www.cisco.com/web/about/doing_business/legal/cri/index.html" title="Legal Information"><span style="font-size:6.0pt;color:#0563C1">click here</span></a><span style="font-size:6.0pt">
 for Company Registration Information.</span><o:p></o:p></p>
</td>
<td style="border:none;padding:0in 0in 0in 0in" width="1">
<p class="MsoNormal"> </p>
</td>
</tr>
<tr height="0">
<td width="325" style="border:none"></td>
<td width="326" style="border:none"></td>
<td width="2" style="border:none"></td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>