KerberosTime

Gustavo V. G. C. Rios gustavo.rios at terra.com.br
Thu Nov 6 16:05:37 EST 2003


Dear gentlemen,

At the present moment I am having an increasing interest in the Kerberos
Security Protocol. So I started studying RFC 1510 and lots of other
documents on the subject. Then I sat down and started writing an ASN DER
parser for all message exchanges in the context of Kerberos.

Writing the parser is pretty easy, but one thing I could not understand:

	Kerberos uses GeneralizedTime to communicate between the peers.

My question is: Why?

In my view (again, my view) using an integer to communicate the seconds
elapsed since 01/01/1970 is much easier to handle. Not to mention that UNIX
does provide natural support for that (I mean: SUSV#), i.e., just obtain
the number of elapsed seconds, then format it according to DER ASN
encoding. Would it be much easier?

I say that because writing the function to convert between the number of
seconds and GeneralizedTime is really a pain in the neck, and why do
it? I answer: for nothing (in reality, just to transmit data).

Since dealing with integers is much more natural for modern computers, I
cannot see the motivation for using GeneralizedTime, since I revert the
encoding back to integral. Here is what I am doing:


 Client ----------------------------------------------> Server
	convert				   convert
	integer to			  GeneralizedTime
	GeneralizedTime			  to integer

On the flow from server to client, I have the opposite semantics. You
see? I am using GeneralizedTime for nothing...

Gentlemen, these are my views only (the views of a beginner yet); would
someone mind explaining to me what the rationale behind using
GeneralizedTime is?

Thanks a lot for your time and cooperation.
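
An added example for readers of this thread (not part of the original message and not code from any Kerberos implementation): the integer-to-GeneralizedTime round trip described above, written in C with a strict decoder. It assumes KerberosTime is always the 15-character UTC form `YYYYMMDDHHMMSSZ` with no fractional seconds; the function names and the 1970..9999 range limit are choices made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define KT_LEN 15                 /* content octets: "YYYYMMDDHHMMSSZ" */
#define KT_TLV (2 + KT_LEN)       /* tag 0x18 + short-form length + content */

/* Days since 1970-01-01 for a Gregorian date with y >= 1970. */
static int64_t days_from_civil(int64_t y, int m, int d) {
    y -= (m <= 2);                               /* count years from March */
    int64_t era = y / 400, yoe = y - era * 400;
    int64_t doy = (153 * (m > 2 ? m - 3 : m + 9) + 2) / 5 + d - 1;
    return era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468;
}

/* Epoch seconds -> DER GeneralizedTime TLV. Returns KT_TLV, or -1 if out of range. */
int krbtime_encode(int64_t secs, unsigned char out[KT_TLV]) {
    if (secs < 0 || secs > 253402300799LL) return -1;   /* 1970..9999 only */
    int64_t z = secs / 86400 + 719468, rem = secs % 86400;
    int64_t era = z / 146097, doe = z - era * 146097;
    int64_t yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
    int64_t doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
    int64_t mp = (5 * doy + 2) / 153;
    int d = (int)(doy - (153 * mp + 2) / 5 + 1);
    int m = (int)(mp < 10 ? mp + 3 : mp - 9);
    int y = (int)(yoe + era * 400 + (m <= 2));
    char buf[80];
    snprintf(buf, sizeof buf, "%04d%02d%02d%02d%02d%02dZ", y, m, d,
             (int)(rem / 3600), (int)(rem % 3600 / 60), (int)(rem % 60));
    out[0] = 0x18; out[1] = KT_LEN;
    memcpy(out + 2, buf, KT_LEN);
    return KT_TLV;
}

/* DER GeneralizedTime TLV -> epoch seconds. Returns 0, or -1 on any deviation. */
int krbtime_decode(const unsigned char *in, size_t len, int64_t *secs) {
    static const int mdays[12] = {31,28,31,30,31,30,31,31,30,31,30,31};
    int f[7] = {0};               /* century, year-in-century, mo, d, h, mi, s */
    if (len != KT_TLV || in[0] != 0x18 || in[1] != KT_LEN || in[16] != 'Z') return -1;
    for (int i = 0; i < 14; i++) {
        if (in[2 + i] < '0' || in[2 + i] > '9') return -1;  /* no '.', sign or offset */
        f[i / 2] = f[i / 2] * 10 + (in[2 + i] - '0');
    }
    int y = f[0] * 100 + f[1], leap = (y % 4 == 0 && y % 100 != 0) || y % 400 == 0;
    if (y < 1970 || f[2] < 1 || f[2] > 12 || f[3] < 1 ||
        f[3] > mdays[f[2] - 1] + (f[2] == 2 && leap) ||
        f[4] > 23 || f[5] > 59 || f[6] > 59) return -1;     /* seconds "60" rejected */
    *secs = days_from_civil(y, f[2], f[3]) * 86400 + f[4] * 3600 + f[5] * 60 + f[6];
    return 0;
}
```

The decoder rejects anything other than the exact 17-byte encoding, so a fractional-seconds or local-offset form that a general ASN.1 library might accept is refused rather than silently reinterpreted.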

