[2260] in Kerberos_V5_Development
Re: leap seconds
daemon@ATHENA.MIT.EDU (Ken Raeburn)
Fri Feb 21 01:27:32 1997
To: "Theodore Y. Ts'o" <tytso@MIT.EDU>
Cc: krbdev@MIT.EDU
From: Ken Raeburn <raeburn@cygnus.com>
Date: 21 Feb 1997 01:26:46 -0500
In-Reply-To: "Theodore Y. Ts'o"'s message of Fri, 21 Feb 1997 00:25:34 -0500
"Theodore Y. Ts'o" <tytso@MIT.EDU> writes:
> This is why we're using the DER --- the D stands for distinguished,
> which means that there's only supposed to be one cannoncal
> representation for any given abstract data type. Hence, I'm not sure I
> believe Bill's claim that 235960 is legal. I'll have to check the ASN.1
> specs, but I'm pretty sure the seconds field has to stay within 0..59.
I'm having trouble getting AltaVista to point me to an ASN.1 or DER
spec, so I'll let you check it.
But even if the spec does say that, what *is* the "right" way to
handle a time of 23:59:60?
> Note that this problem isn't unique to Kerberos. X.509 certificates
> also have to be capable of surviving being disassembled by an ASN.1
> decodere, and then reassuembled via an ASN.1 encoder, and not have the
> digital signature break. The whole point of DER is to make this
> possible.
Then hopefully someone else has addressed this problem and recommended
a solution?
