[2262] in Kerberos_V5_Development
Re: leap seconds
daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Fri Feb 21 11:38:50 1997
Date: Fri, 21 Feb 1997 11:38:29 -0500
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: Ken Raeburn <raeburn@cygnus.com>
Cc: "Theodore Y. Ts'o" <tytso@MIT.EDU>, krbdev@MIT.EDU
In-Reply-To: Ken Raeburn's message of 21 Feb 1997 01:26:46 -0500,
<tx1n2syr7x5.fsf@cygnus.com>
From: Ken Raeburn <raeburn@cygnus.com>
Date: 21 Feb 1997 01:26:46 -0500
I'm having trouble getting AltaVista to point me to an ASN.1 or DER
spec, so I'll let you check it.
The standard freeware reference is "A Layman's Guide to a Subset of
ASN.1, BER, and DER", by Burt Kaliski. You can find it at
ftp://ftp.rsa.com/pub/pkcs/ps/layman.ps
(or the one that I prefer, which has one or two bugs in the example
encodings, but which is laid out in a better way, since it wasn't done
using Microsoft Word :-)
ftp://ftp.rsa.com/pub/pkcs/old/layman.ps
ftp://ftp.rsa.com/pub/pkcs/old/layman.bug
According to Burt Kaliski, the seconds field must be in the range 00-59,
so it appears that 60 isn't allowed.
But even if the spec does say that, what *is* the "right" way to
handle a time of 23:59:60?
To make sure, I also double-checked the official ISO 8824:1989
specification, and it also states that the seconds field isn't allowed
to hit 60.
I have no idea what the "right" way to handle this situation, except
maybe to not issue X.509 certificates on the leap year (you should be
drinking Champaigne anyway :-). I can ask around, though.
- Ted
