Objective. Enforce the leap-second ban: stamps that claim 23:59:60 are invalid. Verification must reject such lines deterministically in plain ASCII.
Policy (normative)
- Input shape (UTC only):
iso_utc = "YYYY-MM-DDThh:mm:ssZ"(seconds only, no offsets/subseconds). - Forbidden: any
iso_utcwithss = 60(i.e.,23:59:60). - Verifier rule: immediate FAIL (syntax/policy) if
:60appears. - Rationale: keep the clock arithmetic branch-free and reproducible across tools.
Why the ban keeps math deterministic
- Clock is derived purely from UTC seconds:
wrap360(x) = x - 360*floor(x/360)theta_deg = wrap360( (unix_seconds / 86400) * 360 )rasi_idx = floor(theta_deg / 30) - By disallowing
23:59:60, all implementations map the sameiso_utcto the sameunix_secondswithout leap tables or special cases.
Test (copy-ready)
- Try to parse and verify a stamp with
iso_utc="YYYY-MM-DDT23:59:60Z". - Verifier checks field shapes before any math and rejects.
Expected output (stdout, ASCII)
HASH_OK=na CLOCK_OK=false CHAIN_OK=na ANCHOR_OK=na EVIDENCE_OK=na
VERDICT=FAIL
# reason (tooling may print): ISO_UTC_LEAP_SECOND_FORBIDDEN
Producer guidance
- Do not emit stamps during an inserted leap second.
- If an OS provides
:60, round/clip at the application layer to a valid second before stamping, or defer stamping by ≥1s.
Auditor checklist (quick)
- Reject any
iso_utcnot matchingYYYY-MM-DDThh:mm:ssZ. - Specifically scan for
:60and fail fast. - Do not attempt to remap/normalize leap-second stamps.
Navigation
Back: SSM-Clock Stamp – Float Parity Across Implementations (5.12)
Next: SSM-Clock Stamp – Algorithm Agility (file and chain digests) (5.14)
SHUNYAYA 