paseto-standard / paseto-rfc

Towards an IETF RFC draft for PASETO

Why DtTime instead of NumericDate for 'exp', 'nbf', 'iat'? #4

Closed foriequal0 closed 1 year ago

foriequal0 commented 1 year ago

JWT RFC 7519 requires that those claims contain a number holding a NumericDate value. https://www.rfc-editor.org/rfc/rfc7519.html#section-4.1.6

But the current PASETO RFC draft requires those claims to be DtTime. https://github.com/paseto-standard/paseto-rfc/blob/master/draft-paragon-paseto-rfc-01.txt#L1083-L1116

Any reasons for this?

paragonie-security commented 1 year ago

https://en.wikipedia.org/wiki/Year_2038_problem

foriequal0 commented 1 year ago

Isn't that only applicable to 32-bit representations? We can safely use up to 53 bits in JSON in general. I think we don't have to worry about the year 285,428,987 problem for a while.

paragonie-security commented 1 year ago

We're not constrained by JWT's mistakes, and ISO 8601 is preferable to UNIX timestamps because it encodes timezone information.
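The thread above turns on two concrete points: a signed 32-bit `time_t` cannot hold a NumericDate past 2038-01-19T03:14:07Z, and an ISO 8601 DtTime string carries its own UTC offset so the verifier never has to guess a zone. The following is an added example (not code from the paseto-rfc repository or the PASETO reference implementations) of how a verifier would parse and enforce DtTime `exp`/`nbf`/`iat` claims and of the two representation limits discussed. The function names, the `leeway` parameter and the sample payload are assumptions made here; the payload's timestamp values are constructed, modelled on the style of the draft's table examples.

```python
import json
from datetime import datetime, timedelta, timezone

INT32_MAX = 2**31 - 1      # last second a signed 32-bit time_t can represent (2038-01-19T03:14:07Z)
JSON_SAFE_INT = 2**53 - 1  # largest integer an IEEE-754 double (what most JSON parsers use) keeps exactly

# Constructed sample payload for this example; values follow the draft's DtTime format
# (ISO 8601 with an explicit offset), not taken from a real token.
SAMPLE_PAYLOAD = json.dumps({
    "sub": "test",
    "exp": "2039-01-01T00:00:00+00:00",
    "nbf": "2038-04-01T00:00:00+00:00",
    "iat": "2038-03-17T00:00:00+00:00",
})


def parse_dttime(value):
    """Parse a DtTime claim (ISO 8601 string) into a timezone-aware datetime.

    A value without a UTC offset is rejected rather than silently assumed to be UTC,
    because the offset is exactly what DtTime buys over a bare NumericDate.
    """
    if not isinstance(value, str):
        raise ValueError("DtTime claim must be a string, got %s" % type(value).__name__)
    if value.endswith("Z"):  # RFC 3339 'Z' suffix; fromisoformat() on Python < 3.11 needs +00:00
        value = value[:-1] + "+00:00"
    dt = datetime.fromisoformat(value)
    if dt.utcoffset() is None:
        raise ValueError("DtTime claim %r has no timezone offset" % value)
    return dt


def check_time_claims(payload_json, now, leeway=timedelta(0)):
    """Enforce exp / nbf / iat the way a PASETO verifier would.

    `now` must be an aware datetime. Returns a list of failure strings; empty means the
    time claims are acceptable. Each claim is optional, but if present it must parse.
    """
    claims = json.loads(payload_json)
    failures = []
    parsed = {}
    for key in ("exp", "nbf", "iat"):
        if key in claims:
            try:
                parsed[key] = parse_dttime(claims[key])
            except ValueError as exc:
                failures.append("%s: %s" % (key, exc))
    # Aware datetimes compare by absolute instant, so mixed offsets are handled correctly.
    if "exp" in parsed and now > parsed["exp"] + leeway:
        failures.append("exp: token expired")
    if "nbf" in parsed and now + leeway < parsed["nbf"]:
        failures.append("nbf: token not yet valid")
    if "iat" in parsed and now + leeway < parsed["iat"]:
        failures.append("iat: token issued in the future")
    return failures


def fits_int32_time_t(dt):
    """Would this instant survive being stored as a NumericDate in a signed 32-bit time_t?"""
    return int(dt.timestamp()) <= INT32_MAX


def fits_json_safe_int(unix_seconds):
    """Would this NumericDate survive a JSON parser that stores numbers as IEEE-754 doubles?"""
    return abs(unix_seconds) <= JSON_SAFE_INT


if __name__ == "__main__":
    now = datetime(2038, 6, 1, tzinfo=timezone.utc)
    print("failures at 2038-06-01:", check_time_claims(SAMPLE_PAYLOAD, now))
    exp = parse_dttime(json.loads(SAMPLE_PAYLOAD)["exp"])
    print("exp fits int32 time_t:", fits_int32_time_t(exp))
    print("exp fits 53-bit JSON int:", fits_json_safe_int(int(exp.timestamp())))
```

Note the offset case in particular: an `exp` of `2039-01-01T00:00:00-05:00` is five hours later than the same wall-clock time in UTC, and the comparison gets that right without any out-of-band convention about which zone a NumericDate was minted in.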