zmap / zlint

X.509 Certificate Linter focused on Web PKI standards and requirements.
https://zmap.io
Apache License 2.0

Why are the effective dates of some lints set to ZeroDate? #769

Closed zzzsz closed 7 months ago

zzzsz commented 1 year ago

Example:

```go
func init() {
	lint.RegisterLint(&lint.Lint{
		Name:          "e_sub_ca_aia_marked_critical",
		Description:   "Subordinate CA Certificate: authorityInformationAccess MUST NOT be marked critical",
		Citation:      "BRs: 7.1.2.2",
		Source:        lint.CABFBaselineRequirements,
		EffectiveDate: util.ZeroDate,
		Lint:          NewSubCaAIAMarkedCritical,
	})
}
```

toddgaunt-gs commented 9 months ago

I can comment that some lints from my organization are given the util.ZeroDate since we want them effective immediately, and we don't necessarily care for specifying the exact date it should be enacted unless we plan on rolling out the lint in a release before it should be effective. In these cases I'd assume it was similar, and that there is little harm done in giving a ZeroDate instead of the actual effective date if the actual date is long in the past.

dadrian commented 7 months ago

Requirements that predate the BRs or were included in the first version of the BRs use util.ZeroDate so that they are run against all certificates.
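The effect described in this thread, as an added example that is not part of the issue or of zlint's code: a simplified model of effective-date gating, comparing a lint registered with a zero date against one with a real effective date. The names `modelLint`, `effectiveFor`, `coverage`, and `zeroDate` are hypothetical, and all dates are constructed; the model assumes a lint is in scope when the certificate's notBefore is on or after the lint's effective date.

```go
package main

import (
	"fmt"
	"time"
)

// zeroDate is a constructed stand-in for util.ZeroDate: earlier than any real certificate.
var zeroDate = time.Date(0, time.January, 1, 0, 0, 0, 0, time.UTC)

// modelLint is hypothetical; it keeps only the fields that matter for date gating.
type modelLint struct {
	Name          string
	EffectiveDate time.Time
}

// effectiveFor reports whether a certificate with this notBefore is in scope:
// the lint applies when notBefore is on or after the effective date.
func (l modelLint) effectiveFor(notBefore time.Time) bool {
	return !notBefore.Before(l.EffectiveDate)
}

// coverage counts how many certificates the lint would check versus skip.
func coverage(l modelLint, notBefores []time.Time) (checked, skipped int) {
	for _, nb := range notBefores {
		if l.effectiveFor(nb) {
			checked++
		} else {
			skipped++
		}
	}
	return checked, skipped
}

func day(y int, m time.Month, d int) time.Time {
	return time.Date(y, m, d, 0, 0, 0, 0, time.UTC)
}

// constructedNotBefore holds made-up issuance dates, not data from real certificates.
var constructedNotBefore = []time.Time{
	day(2009, 6, 1), day(2012, 7, 1), day(2015, 3, 1), day(2023, 1, 1),
}

func main() {
	lints := []modelLint{
		{Name: "model_zero_date", EffectiveDate: zeroDate},
		{Name: "model_dated", EffectiveDate: day(2012, 7, 1)}, // constructed date
	}
	for _, l := range lints {
		c, s := coverage(l, constructedNotBefore)
		fmt.Printf("%-16s checked=%d skipped=%d\n", l.Name, c, s)
	}
}
```

With a zero date no certificate is skipped, so a defect in an old certificate is still reported; with a real effective date, certificates issued before it fall out of scope.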