[2259] in Kerberos_V5_Development

Re: leap seconds

daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Fri Feb 21 00:28:40 1997

Date: Fri, 21 Feb 1997 00:25:34 -0500
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: Ken Raeburn <raeburn@cygnus.com>
Cc: "Theodore Y. Ts'o" <tytso@MIT.EDU>, krbdev@MIT.EDU
In-Reply-To: Ken Raeburn's message of 21 Feb 1997 00:10:34 -0500,
	<tx1ohderbg5.fsf@cygnus.com>

   From: Ken Raeburn <raeburn@cygnus.com>
   Date: 21 Feb 1997 00:10:34 -0500

   "Theodore Y. Ts'o" <tytso@MIT.EDU> writes:

   > Well, the important thing is that a time which is asn1_decoded, and then
   > asn1_encoded, is the same as it originally started.

   Are you *sure*?

   If the string->number->string conversion has to yield the original
   value, and if the input string can come from the net, and if any
   implementation is permitted to send "...235960", then *every*
   implementation ought to understand and generate that same string!

The problem is that the checksum is calculated over the ASN.1 encoded
structure, but there are places where the ASN.1 encoded structure is
decoded into a C structure, and when we reassemble it into an ASN.1
structure, we don't want the checksum to break.

This is why we're using the DER --- the D stands for distinguished,
which means that there's only supposed to be one canonical
representation for any given abstract data type.  Hence, I'm not sure I
believe Bill's claim that 235960 is legal.  I'll have to check the ASN.1
specs, but I'm pretty sure the seconds field has to stay within 0..59.

Note that this problem isn't unique to Kerberos.  X.509 certificates
also have to be capable of surviving being disassembled by an ASN.1
decoder, and then reassembled via an ASN.1 encoder, and not have the
digital signature break.  The whole point of DER is to make this
possible.

						- Ted
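
Added example (not part of the original message and not MIT Kerberos code): a round-trip check of the kind the message describes, showing that a time string ending in 60 seconds does not re-encode to the same bytes. The function names are hypothetical, the sample times are constructed, only the content characters of the time are modeled (no tag or length), and it assumes the decoded C value is a count of seconds with no slot for a leap second.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Days since 1970-01-01 for a Gregorian date (standard civil-date arithmetic). */
static long days_from_civil(int y, int m, int d) {
    y -= m <= 2;
    long era = (y >= 0 ? y : y - 399) / 400, yoe = y - era * 400;
    long doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    return era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468;
}

/* Hypothetical decoder: "YYYYMMDDHHMMSSZ" -> seconds since the epoch.
 * Deliberately lenient: accepts seconds == 60 to show what happens to it. */
int decode_time(const char *s, long long *out) {
    int y, mo, d, h, mi, sec;
    if (strlen(s) != 15 || s[14] != 'Z') return -1;
    for (int i = 0; i < 14; i++) if (!isdigit((unsigned char)s[i])) return -1;
    if (sscanf(s, "%4d%2d%2d%2d%2d%2d", &y, &mo, &d, &h, &mi, &sec) != 6) return -1;
    if (mo < 1 || mo > 12 || d < 1 || d > 31 || h > 23 || mi > 59 || sec > 60) return -1;
    *out = days_from_civil(y, mo, d) * 86400LL + h * 3600 + mi * 60 + sec;
    return 0;
}

/* Hypothetical encoder: seconds since the epoch -> "YYYYMMDDHHMMSSZ". */
int encode_time(long long t, char out[16]) {
    time_t tt = (time_t)t;
    struct tm *tm = gmtime(&tt);
    return tm && strftime(out, 16, "%Y%m%d%H%M%SZ", tm) == 15 ? 0 : -1;
}

/* 1 if decode-then-encode reproduces the input bytes, 0 if not, -1 on error. */
int roundtrip_ok(const char *wire, char reencoded[16]) {
    long long t;
    if (decode_time(wire, &t) != 0 || encode_time(t, reencoded) != 0) return -1;
    return strcmp(wire, reencoded) == 0;
}

int main(void) {
    /* Constructed sample values, not taken from the thread. */
    const char *samples[] = { "19970630235959Z", "19970630235960Z" };
    char out[16] = "";
    for (int i = 0; i < 2; i++) {
        int ok = roundtrip_ok(samples[i], out);
        printf("%s -> %s : %s\n", samples[i], out, ok == 1 ? "identical" : "differs");
    }
    return 0;
}
```

A checksum or signature computed over the original bytes verifies after re-encoding only in the first case, where the output is byte-for-byte identical to the input.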
