yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1513541] Re: Support sub-second accuracy in Fernet's creation timestamp

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Morgan Fainberg <morgan.fainberg@xxxxxxxxx>
Date: Mon, 08 Feb 2016 11:00:04 -0000
Reply-to: Bug 1513541 <1513541@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: keystone
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1513541

Title:
  Support sub-second accuracy in Fernet's creation timestamp

Status in OpenStack Identity (keystone):
  Won't Fix

Bug description:
  The fernet token provider has sub-second format, but it is currently
  truncated to .000000Z. This is because the library (pyca/cryptography
  [0]) that keystone relies on for generating fernet tokens uses integer
  timestamps instead of floats, which loses sub-second accuracy. We
  should find a way to support sub-second accuracy in Fernet's creation
  timestamp so that we don't hit token revocation edge cases, like the
  ones documented here - https://review.openstack.org/#/c/227995/ .

  This will likely have to be a coordinated effort between the
  cryptography development community and the maintainers of the Fernet
  specification [1].

  This bug is to track that we include the corresponding fix (via
  version bump of cryptography) for keystone.

  
  [0] https://github.com/pyca/cryptography
  [1] https://github.com/fernet/spec

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1513541/+subscriptions

References

[Bug 1513541] [NEW] Support sub-second accuracy in Fernet's creation timestamp
From: Lance Bragstad, 2015-11-05