On Fri, May 27, 2005 at 09:17:11AM +0200, Ivan Popov wrote:
> I do not see any practical application of tokens "to be valid in the future"
> either, but it may exist. As long as we have the timestamp, it would be safest
> to check it - though we might relax the check to say "up to a minute in
> the future is ok" or something?

I just re-read,

    Integrating Security in a Large Distributed System
    Satyanarayanan, M.
    ACM Transactions on Computer Systems
    Aug. 1989, Vol. 7, No. 3, pp. 247-280
    http://www-2.cs.cmu.edu/afs/cs/project/coda-www/ResearchWebPages/docdir/sec89.pdf

And although it briefly mentions the begin timestamp, it provides no
argument _why_ it exists. Looking at Kerberos 'history' shows that they
have the same thing, which is probably where it came from. However,
Kerberos seems to need it because their lifetime seems to be defined as
5 minute increments from the begin timestamp, while the end timestamp in
Coda is self-sufficient, i.e. a UNIX timestamp in seconds since the
epoch.

Jan

Received on 2005-05-27 12:52:34
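
The check discussed in this thread, as an added example (not code from Coda or from either poster): a token with an absolute end timestamp is validated with a bounded tolerance for begin times slightly in the future, next to the lifetime-style expiry that cannot be computed without the begin timestamp. The struct, enum and constant names are hypothetical; the 60-second tolerance follows the quoted suggestion and the 5-minute unit follows the description in the reply.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical validity window; field names are assumptions, not Coda's layout. */
struct token_times {
    int64_t begin; /* seconds since the epoch */
    int64_t end;   /* seconds since the epoch, absolute */
};

enum token_status { TOKEN_OK, TOKEN_NOT_YET_VALID, TOKEN_EXPIRED, TOKEN_MALFORMED };

#define MAX_FUTURE_SKEW 60 /* assumed tolerance: "up to a minute in the future" */
#define LIFETIME_UNIT 300  /* 5-minute increments, as described in the reply */

/* Lifetime-style expiry: the end is derived from begin, so begin is required. */
static int64_t end_from_lifetime(int64_t begin, uint8_t lifetime_units)
{
    return begin + (int64_t)lifetime_units * LIFETIME_UNIT;
}

/* Absolute-end style: end alone decides expiry; begin is only a sanity check. */
static enum token_status check_token(const struct token_times *t, int64_t now)
{
    if (t->begin < 0 || t->end < t->begin)
        return TOKEN_MALFORMED;          /* negative or inverted window */
    if (now >= t->end)
        return TOKEN_EXPIRED;
    if (t->begin - MAX_FUTURE_SKEW > now)
        return TOKEN_NOT_YET_VALID;      /* further ahead than clock skew explains */
    return TOKEN_OK;
}

int main(void)
{
    /* Constructed sample values. */
    struct token_times t = { 1000, end_from_lifetime(1000, 2) };
    printf("end=%lld status_at_950=%d status_at_900=%d\n",
           (long long)t.end, check_token(&t, 950), check_token(&t, 900));
    return 0;
}
```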