[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: re. date format

To: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Subject: Re: re. date format
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
Date: Tue, 25 Nov 1997 13:18:39 -0500
Cc: spki@c2.net
In-Reply-To: Your message of "Tue, 25 Nov 1997 09:09:06 +0200 ." <199711250709.JAA20359@morden.sandelman.ottawa.on.ca>
Sender: owner-spki@c2.net

>   I think that the public key operation will be far more costly in
> terms of CPU power than the parsing of the ASCII. 

I'm not worried about cpu power as much as programmer time fiddling
with time/date converstion routines... 

There was/is a bug with kerberos v5 which occured when the unix
time->human time and human_time->unix time functions weren't exact
inverses..  (the unix->human one is a long-time standard libc function
while the inverse isn't always available on all systems; so kerberos
included its own version of the inverse function.. which didn't agree
with the system function on some systems..).

> timelocal() is relatively common now.  I remember coding it for
> AmigaDOS and SVR3, StunOS, but I haven't had to do that recently.

>   I would also imagine most certificates to be valid from "now" to
> "now"+delta. And so long as the certificate that we are delegating is
> valid during that period, there is no reason to actually read the
> dates from that cert.

presumably you at least need to verify that all certs along the chain
haven't expired.. and if you're caching that verification, compute the
intersection of the validity ranges so you know how long the
authorization lasts..

						- Bill

Follow-Ups:

Re: re. date format

From: Carl Ellison <cme@cybercash.com>

References:

Re: re. date format

From: Michael Richardson <mcr@sandelman.ottawa.on.ca>

Prev by Date: Re: time resolution (was Re: six-page binary format draft)
Next by Date: Re: time and date
Prev by thread: Re: re. date format
Next by thread: Re: re. date format
Index(es):
- Main
- Thread