
Re: re. date format

>   I think that the public key operation will be far more costly in
> terms of CPU power than the parsing of the ASCII. 

I'm not worried about cpu power as much as programmer time fiddling
with time/date conversion routines... 

There was/is a bug with kerberos v5 which occurred when the unix
time->human time and human_time->unix time functions weren't exact
inverses..  (the unix->human one is a long-time standard libc function
while the inverse isn't always available on all systems; so kerberos
included its own version of the inverse function.. which didn't agree
with the system function on some systems..).

> timelocal() is relatively common now.  I remember coding it for
> AmigaDOS and SVR3, StunOS, but I haven't had to do that recently.

>   I would also imagine most certificates to be valid from "now" to
> "now"+delta. And so long as the certificate that we are delegating is
> valid during that period, there is no reason to actually read the
> dates from that cert.

presumably you at least need to verify that all certs along the chain
haven't expired.. and if you're caching that verification, compute the
intersection of the validity ranges so you know how long the
authorization lasts..

						- Bill
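
The two points in the message above, as an added example that is not part of the original post: a pair of date conversions that are exact inverses because both work in UTC, and the intersection of validity ranges along a chain, which bounds how long a cached verification can be reused. The ASCII date layout, the function names and the sample chain are assumptions made for this illustration.

```python
import calendar
import time

FMT = "%Y-%m-%d_%H:%M:%S"  # assumed ASCII layout; the thread does not fix one

def parse_utc(text):
    """ASCII date -> Unix seconds, reading the fields as UTC."""
    return calendar.timegm(time.strptime(text, FMT))

def format_utc(seconds):
    """Unix seconds -> ASCII date; exact inverse of parse_utc."""
    return time.strftime(FMT, time.gmtime(seconds))

def chain_validity(chain, now):
    """Intersect the validity windows of every cert in the chain.

    chain is a list of (name, not_before, not_after) ASCII-dated entries.
    Returns (start, end) in Unix seconds: the period during which a cached
    verification result may be reused. Raises ValueError if a window is
    inverted, the windows do not overlap, or `now` is outside the result.
    """
    if not chain:
        raise ValueError("empty chain")
    start, end = None, None
    for name, not_before, not_after in chain:
        nb, na = parse_utc(not_before), parse_utc(not_after)
        if nb > na:
            raise ValueError(name + ": not_before is later than not_after")
        start = nb if start is None else max(start, nb)  # latest start wins
        end = na if end is None else min(end, na)        # earliest expiry wins
    if start > end:
        raise ValueError("validity windows do not overlap")
    if not start <= now <= end:
        raise ValueError("chain is not valid at the given time")
    return start, end

# Constructed sample chain: the leaf outlives the intermediate, so the
# usable window ends when the intermediate expires, not the leaf.
SAMPLE_CHAIN = [
    ("root",         "1996-01-01_00:00:00", "1999-01-01_00:00:00"),
    ("intermediate", "1996-03-01_00:00:00", "1997-03-01_00:00:00"),
    ("leaf",         "1996-04-10_12:00:00", "1997-06-10_12:00:00"),
]

if __name__ == "__main__":
    now = parse_utc("1996-05-01_00:00:00")
    start, end = chain_validity(SAMPLE_CHAIN, now)
    print(format_utc(start), "->", format_utc(end))
```
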
