<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<div class="moz-cite-prefix">On 03/19/2015 03:19 PM, Gervase Markham
wrote:<br>
</div>
<blockquote cite="mid:550ACCE1.5060805@mozilla.org" type="cite">
<pre wrap="">On 19/03/15 04:56, Ryan Sleevi wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Why 72 hours? Why not the OCSP max age?
</pre>
</blockquote>
<pre wrap="">
My view is that the risk analysis is not equivalent. Sane people may
disagree :-) Also, the documented OCSP max age is not the same thing as
what people use in practice. Several CAs have mentioned that they use
lower numbers. Therefore one could see the higher number as "looser
security than we currently have /de facto/".</pre>
</blockquote>
<br>
While probably true, it's actually even less relevant because it
really depends on what browsers actually do. <br>
<br>
And here it looks much different, as an example your Firefox reloads
it every 24 hours. Not sure about others like IE and Safari, but it
could be also set to a fixed time instead of what the OCSP
advertises as max age.<br>
<br>
<div class="moz-signature">-- <br>
<table border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td colspan="2">Regards </td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td>Signer: </td>
<td>Eddy Nigg, COO/CTO</td>
</tr>
<tr>
<td> </td>
<td><a href="http://www.startcom.org">StartCom Ltd.</a></td>
</tr>
<tr>
<td>XMPP: </td>
<td><a href="xmpp:startcom@startcom.org">startcom@startcom.org</a></td>
</tr>
<tr>
<td>Blog: </td>
<td><a href="http://blog.startcom.org">Join the Revolution!</a></td>
</tr>
<tr>
<td>Twitter: </td>
<td><a href="http://twitter.com/eddy_nigg">Follow Me</a></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
</tbody>
</table>
</div>
</body>
</html>