24.9.6 Determining Which Message Time to Use

The timestampdelta parameter is used primarily for these purposes:

1. To handle the situation of a message that takes a long time to arrive at its destination. For this case, the sender’s key might be treated as an invalid key despite the fact that the key was valid when the message was sent.

2. To limit the trust in a message’s sent time because sent times can be faked.

There are two times associated with every message:

• The time when the message was sent, as found in the Date line of the message header detail

• The time when the message arrives at its destination, as found in the last Received line of the message header detail

View the message header detail by clicking the triangle icon at the right hand side of a message’s From field.

A certificate that was valid when a message was sent can be revoked or expired by the time the message reaches its destination. When this happens, which time should be used when checking the validity of the certificate, the sent time or the received time? Using the sent time would verify that the certificate was valid when the message was sent. But always using the sent time does not take into account the fact that it might take a long time for a message to arrive at its destination, in which case it would be better to use the received time.

You can influence which time to use for CRL checking by using the timestampdelta parameter in the smime.conf file. Set this parameter to a positive integer, representing seconds. If the received time minus the value of timestampdelta is a time before the sent time, the sent time is used. Otherwise, the received time is used. The smaller the value of timestampdelta, the more often the received time is used. When timestampdelta is not set, the received time is always used. See timestampdelta in Table 24–3.