Thanks a lot for your clarifications!
Sam Hartman wrote: > > In your quest to understand KerberosTime, you seem to be missing the > critical factor in standardization decisions. The important thing in > most cases is to have a decision made and to agree to that decisions. > Representations of data don't matter all that much; we'd be OK with > integer time, we seem to be OK with KerberosTime. > > we're certainly better off having all the Kerberos implementations and > specifications use a single format for time. We're certainly better > off keeping things that way rather than paying the cost to change our > time representation. > > When decisions are made, factors like representation size, > implementation complexity and handling corner cases like time beyond > the year 2038 are worth discussing. When we are aware of these > factors, we try to account for them. But once the decision is made, > the reasoning is often no longer important. It might have been an > arbitrary decision made by someone who didn't really thing things > through and needed some way to represent time. It might have been > something the working group spent hours arguing over. But the > decision will remain because we wish to continue being interoperable > and the cost of change is too high. > > Sometimes we need to pay the price of change; if we had used integer > time, we would need to make sure eventually that all the > implementations could deal with integers longer than 32-bits. We're > having a long drawn-out discussion of how to handle making Kerberos > extensible withing the Kerberos working group. We believe it has > finally gotten to a point where we need to pay that price. > > But questioning decisions of the early Kerberos ASN.1 rarely leads to > enlightenment. RFc 1510 does not use ASN.1 particularly well. Many > of the decisions in RFC 1510 are fairly arbitrary. Feel free to ask > the questions; you may find out something new or draw our attention to > some problem. Just don't be surprised to learn that an arbitrary > decision was made years ago and no one knows why or questioned the > decision. > > --Sam ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
