KerberosTime

Gustavo Rios gustavo.rios at terra.com.br
Thu Nov 6 22:10:20 EST 2003


kenh at cmf.nrl.navy.mil (Ken Hornstein) wrote in message news:<200311062142.hA6LfITi015469 at ginger.cmf.nrl.navy.mil>...
> >	Kerberos uses GeneralizedTime to communicate between the peers.
> >
> >My question is: Why?
> >
> >In my view (again my view) using integer to communicate the seconds
> >elapsed since 01/01/1970 is much easier to handle. Not to mention UNIX
> >do provides natural support for that (I mean: SUSV#), i.e., just obtain
> >the number of elapsed seconds the format it according to DER ASN
> >encoding. Would it be much easier?
> 
> Because it's very likely most of us will still be around by the time 
> the year 2038 rolls around. :-)

ASN allows you to use up to 127 octet for representing integer, so
using integer would not be a problem.

> But seriously, I suspect way back when the various parties were working
> on Kerberos 5, they wanted a protocol format that wasn't tied to
> timekeeping on the Unix operating system.  Yes, you can do epoch
> conversion in other operating systems, but it's a pain.  Also, it's
> never been very clear to me what you were supposed to do about leap
> seconds when dealing with epoch time.  At least GeneralizedTime is
> unambiguous and should be good until the year 9999.

SUSV# states that the mininal requirement for attributes of timeval is
32 bit, in fact, many unix vendors uses long. In many 64 bit
architecture, long is 64 bit: i mean, we can count up to the end of
universe. And we can do it now, remenber:we already have 64 bit
machines on the market. I ought to say by that time (2038) you will be
able to see the machines very common.

Sorry, but my doubt still remains.

Thanks for your time and cooperation.
best regards.

> --Ken
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos


More information about the Kerberos mailing list