[439] in Kerberos
Re: Liftimes in tickets
daemon@TELECOM.MIT.EDU (Jim Bloom)
Mon Jul 11 17:58:14 1988
From: Jim Bloom <jb%cs.brown.edu@RELAY.CS.NET>
To: Clifford Neuman <bcn%arctic.uit.uninett@TOR.NTA.NO>
Cc: kerberos@ATHENA.MIT.EDU
In-Reply-To: Your message of "08 Jul 88 12:55:00 GMT."
I agree that the liftimes need a longer timeout. I personally think
the granularity should be in seconds. I realize this is probably much
finer than needed, but it makes calculations easier. Most machines
have a clock which counts seconds (plus maybe finer times). Working
in minutes, more arithmetic is required every time the lifetime is
checked. The disadvantage of this is that the field would need to be
at least 3 bytes long to record a reasonable maximum timeout (2 bytes
maxs out at 18 hours).
What's the tradeoff of encrypting additional bytes versus having to
convert time units (a multiplication or division)?
Jim
