> Kerberos uses GeneralizedTime to communicate between the peers.
>
> My question is: Why?
>
> In my view (again my view) using an integer to communicate the seconds
> elapsed since 01/01/1970 is much easier to handle. Not to mention UNIX
> does provide natural support for that (I mean: SUSV#), i.e., just obtain
> the number of elapsed seconds then format it according to DER ASN
> encoding. Would it be much easier?

Because it's very likely most of us will still be around by the time the
year 2038 rolls around. :-)

But seriously, I suspect way back when the various parties were working
on Kerberos 5, they wanted a protocol format that wasn't tied to
timekeeping on the Unix operating system. Yes, you can do epoch
conversion in other operating systems, but it's a pain. Also, it's never
been very clear to me what you were supposed to do about leap seconds
when dealing with epoch time. At least GeneralizedTime is unambiguous
and should be good until the year 9999.

--Ken
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
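
The trade-off discussed in this thread, as an added Python example (not code from either message or from any Kerberos implementation): a strict DER encoder/decoder for KerberosTime, which RFC 4120 restricts to the 15-character `YYYYMMDDHHMMSSZ` form of GeneralizedTime, plus a check for whether the same instant fits a signed 32-bit epoch counter. The function names and sample values are constructed for illustration.

```python
import calendar
import re
from datetime import datetime, timedelta

TAG_GENERALIZED_TIME = 0x18            # ASN.1 universal tag 24
KRB_TIME_RE = re.compile(rb"\d{14}Z")  # YYYYMMDDHHMMSSZ: no fraction, no offset
EPOCH = datetime(1970, 1, 1)


def encode_kerberos_time(epoch_seconds: int) -> bytes:
    """DER-encode epoch seconds (UTC) as a 17-byte KerberosTime."""
    d = EPOCH + timedelta(seconds=epoch_seconds)
    body = (f"{d.year:04d}{d.month:02d}{d.day:02d}"
            f"{d.hour:02d}{d.minute:02d}{d.second:02d}Z").encode("ascii")
    return bytes([TAG_GENERALIZED_TIME, len(body)]) + body


def decode_kerberos_time(der: bytes) -> int:
    """Strictly parse a DER KerberosTime and return epoch seconds (UTC)."""
    if len(der) != 17 or der[0] != TAG_GENERALIZED_TIME or der[1] != 15:
        raise ValueError("not a 15-octet GeneralizedTime")
    body = der[2:]
    if not KRB_TIME_RE.fullmatch(body):
        raise ValueError("KerberosTime must be YYYYMMDDHHMMSSZ")
    s = body.decode("ascii")
    cuts = ((0, 4), (4, 6), (6, 8), (8, 10), (10, 12), (12, 14))
    fields = [int(s[i:j]) for i, j in cuts]
    # datetime() raises ValueError for impossible dates and for second 60,
    # which has no distinct value on the epoch scale anyway.
    return calendar.timegm(datetime(*fields).timetuple())


def fits_time32(epoch_seconds: int) -> bool:
    """True if the value is representable in a signed 32-bit time_t."""
    return -2**31 <= epoch_seconds < 2**31


if __name__ == "__main__":
    # Constructed samples: last second a 32-bit time_t can hold, the next
    # second, and the last second GeneralizedTime's 4-digit year can hold.
    for text in (b"20380119031407Z", b"20380119031408Z", b"99991231235959Z"):
        secs = decode_kerberos_time(bytes([TAG_GENERALIZED_TIME, 15]) + text)
        print(text.decode(), secs, "fits int32" if fits_time32(secs) else "overflows int32")
```

A receiver that stores the decoded value in a 32-bit `time_t` still inherits the 2038 limit, so the wire format only helps if the local representation is wide enough.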
