3. Security Considerations

The security considerations of RFC 7049 apply; the tags introduced here are not expected to raise security considerations beyond those.

A date, of course, has significant security considerations. These include the exploitation of ambiguities where the date is security relevant or where the date is used in access control decisions.

When using a calendar date for decision making (for example, access control), it needs to be noted that since calendar dates do not represent a specific point in time, the results of the evaluation can differ depending upon where the decision is made. For instance, a person may have reached their 21st birthday in Japan while simultaneously being a day short of their 21st birthday in Hawaii. Similarly, it would be inappropriate to use only a date to trigger certificate expiration, since a date corresponds to a range of times worldwide rather than a specific point in time that is independent of geographic location.