KerberosTime
Gustavo V. G. C. Rios
gustavo.rios at terra.com.br
Thu Nov 6 16:05:37 EST 2003
Dear gentlemen,
At the present moment I am having an increasing interest in the Kerberos
Security Protocol. So I started studying RFC 1510 and lots of other
documents on the subject. Then I sat down and started writing an ASN DER
parser for all message exchanges in the context of Kerberos.
Writing the parser is pretty easy, but one thing I could not understand:
Kerberos uses GeneralizedTime to communicate between the peers.
My question is: Why?
In my view (again, my view) using an integer to communicate the seconds
elapsed since 01/01/1970 is much easier to handle. Not to mention UNIX
does provide natural support for that (I mean: SUSV#), i.e., just obtain
the number of elapsed seconds, then format it according to DER ASN
encoding. Would it be much easier?
I say that because writing the function to convert between the number of
seconds and GeneralizedTime is really a pain in the neck, and why do
it? I answer: for nothing (in reality, just to transmit data).
Since dealing with integers is much more natural for modern computers, I
cannot see the motivation for using GeneralizedTime, since I revert the
encoding back to an integer. Here is what I am doing:
Client ----------------------------------------------> Server
convert integer                                        convert GeneralizedTime
to GeneralizedTime                                     to integer
On the flow from server to client, I have the opposite semantics. You
see? I am using GeneralizedTime for nothing...
Gentlemen, these are my views only (the views of a beginner yet); would
someone mind explaining to me what the rationale behind using
GeneralizedTime is?
Thanks a lot for your time and cooperation.
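
The round trip described in the message above (integer seconds to GeneralizedTime on one side, back to an integer on the other), as an added example that is not part of the original post. It assumes the strict KerberosTime form from RFC 1510 (UTC with a trailing Z, no fractional seconds, no separators); the function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>

#define KTIME_DER_LEN 17 /* tag 0x18, length 15, "YYYYMMDDHHMMSSZ" */

/* Days since 1970-01-01 for a Gregorian date with year >= 1970. */
static int64_t days_from_civil(int64_t y, int m, int d) {
    y -= m <= 2;                     /* count the year from 1 March */
    int64_t era = y / 400, yoe = y - era * 400;
    int64_t doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    return era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468;
}

/* Seconds since the epoch -> DER GeneralizedTime. Returns 0 on success. */
int ktime_encode(int64_t secs, unsigned char out[KTIME_DER_LEN]) {
    if (secs < 0 || secs > 253402300799LL) return -1; /* years 1970..9999 */
    int64_t z = secs / 86400 + 719468, r = secs % 86400;
    int64_t era = z / 146097, doe = z - era * 146097;
    int64_t yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
    int64_t doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
    int64_t mp = (5 * doy + 2) / 153;
    int d = (int)(doy - (153 * mp + 2) / 5 + 1);
    int m = (int)(mp < 10 ? mp + 3 : mp - 9);
    int y = (int)(yoe + era * 400 + (m <= 2));
    int f[7] = {y / 100, y % 100, m, d,
                (int)(r / 3600), (int)(r / 60 % 60), (int)(r % 60)};
    out[0] = 0x18;                   /* UNIVERSAL 24, GeneralizedTime */
    out[1] = 15;                     /* short-form length */
    for (int i = 0; i < 7; i++) {
        out[2 + 2 * i] = (unsigned char)('0' + f[i] / 10);
        out[3 + 2 * i] = (unsigned char)('0' + f[i] % 10);
    }
    out[16] = 'Z';
    return 0;
}

/* DER GeneralizedTime -> seconds. Accepts only the strict form above. */
int ktime_decode(const unsigned char *in, size_t len, int64_t *secs) {
    static const int mdays[] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    int v[7] = {0};                  /* century, year, month, day, h, m, s */
    if (len != KTIME_DER_LEN || in[0] != 0x18 || in[1] != 15 || in[16] != 'Z') return -1;
    for (int i = 0; i < 14; i++) {
        if (in[2 + i] < '0' || in[2 + i] > '9') return -1;
        v[i / 2] = v[i / 2] * 10 + (in[2 + i] - '0');
    }
    int y = v[0] * 100 + v[1], m = v[2], d = v[3];
    int leap = (y % 4 == 0 && y % 100 != 0) || y % 400 == 0;
    if (y < 1970 || m < 1 || m > 12 || d < 1 || d > mdays[m - 1] + (m == 2 && leap)) return -1;
    if (v[4] > 23 || v[5] > 59 || v[6] > 59) return -1;
    *secs = days_from_civil(y, m, d) * 86400 + v[4] * 3600 + v[5] * 60 + v[6];
    return 0;
}
```

The decoder rejects impossible dates and anything other than a 15-character UTC value, since a parser that accepts looser forms can disagree with its peer about what time a message carries.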