KerberosTime

Ken Hornstein kenh at cmf.nrl.navy.mil
Thu Nov 6 16:41:17 EST 2003


>	Kerberos uses GeneralizedTime to communicate between the peers.
>
>My question is: Why?
>
>In my view (again my view) using an integer to communicate the seconds
>elapsed since 01/01/1970 is much easier to handle. Not to mention UNIX
>does provide natural support for that (I mean: SUSV#), i.e., just obtain
>the number of elapsed seconds then format it according to DER ASN
>encoding. Would it be much easier?

Because it's very likely most of us will still be around by the time 
the year 2038 rolls around. :-)

But seriously, I suspect way back when the various parties were working
on Kerberos 5, they wanted a protocol format that wasn't tied to
timekeeping on the Unix operating system.  Yes, you can do epoch
conversion in other operating systems, but it's a pain.  Also, it's
never been very clear to me what you were supposed to do about leap
seconds when dealing with epoch time.  At least GeneralizedTime is
unambiguous and should be good until the year 9999.

--Ken
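
The trade-off discussed in this thread, as an added example that is not part of the original message or of any Kerberos implementation: it DER-encodes epoch seconds as the 15-character GeneralizedTime form Kerberos uses (no fractional seconds, UTC `Z` suffix), parses it back strictly, and checks whether a value still fits a signed 32-bit integer. The function names and sample timestamps are constructed for illustration, and accepting `SS == 60` in the parser is this example's choice so the leap-second collision is visible.

```python
import calendar
from datetime import datetime, timedelta

GENERALIZED_TIME_TAG = 0x18          # ASN.1 UNIVERSAL 24
EPOCH = datetime(1970, 1, 1)         # naive datetime, treated as UTC

def encode_kerberos_time(epoch_seconds):
    """DER-encode epoch seconds as GeneralizedTime 'YYYYMMDDHHMMSSZ'."""
    # datetime raises OverflowError outside years 1..9999, the four-digit limit.
    dt = EPOCH + timedelta(seconds=epoch_seconds)
    body = ("%04d%02d%02d%02d%02d%02dZ" % dt.timetuple()[:6]).encode("ascii")
    return bytes([GENERALIZED_TIME_TAG, len(body)]) + body

def decode_kerberos_time(der):
    """Strictly parse the 17-byte encoding back to epoch seconds."""
    if len(der) != 17 or der[0] != GENERALIZED_TIME_TAG or der[1] != 15:
        raise ValueError("expected tag 0x18 with a 15-byte body")
    body = der[2:]
    # No fractional seconds and no local-time offsets: 14 digits, then 'Z'.
    if not body[:14].isdigit() or body[14:] != b"Z":
        raise ValueError("expected YYYYMMDDHHMMSSZ")
    s = body.decode("ascii")
    y, mo, d, h, mi, sec = (int(s[i:j]) for i, j in
                            ((0, 4), (4, 6), (6, 8), (8, 10), (10, 12), (12, 14)))
    if not (y >= 1 and 1 <= mo <= 12 and 1 <= d <= calendar.monthrange(y, mo)[1]
            and h <= 23 and mi <= 59 and sec <= 60):
        raise ValueError("field out of range")
    # SS == 60 (a leap second) is accepted here to show the collision:
    # timegm() folds it onto the first second of the next minute.
    return calendar.timegm((y, mo, d, h, mi, sec, 0, 0, 0))

def fits_signed_32(epoch_seconds):
    """True if the value fits a signed 32-bit integer timestamp."""
    return -2**31 <= epoch_seconds < 2**31

if __name__ == "__main__":
    for t in (1068154877, 2**31, 253402300799):   # constructed sample values
        print(t, encode_kerberos_time(t), fits_signed_32(t))
```

The leap second `20161231235960Z` and the following second `20170101000000Z` are distinct GeneralizedTime strings but decode to the same epoch value, which is the ambiguity the message points at.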

