[cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates: User input

Eric Mill eric at konklone.com
Fri Feb 10 10:36:34 MST 2017


I really think it would be worth picking 400 days and moving on, as there
are other more significant aspects of the proposal that would benefit from
arriving at consensus or something close to it, and energy spent on 398 v
400 is energy not spent on addressing those issues.

On Fri, Feb 10, 2017 at 12:30 PM, Scott Rea via Public <public at cabforum.org>
wrote:

> Rob,
>
> I am not defending the calculations used to justify 400, only reporting
> how that community arrived at 400 as their "line in the sand". As Ryan
> has pointed out, CAs can manage the public holidays and weekends etc -
> what is important, is that there is a line in the sand that everyone
> agrees to and adheres to.
>
> My point is that there is prior art - albeit in another trust community,
> that chose 400 as their line in the sand. Some of the CAs (including
> your own I believe) operate in that community and in WebPKI, so to make
> it less burdensome on those CAs to comply with different policies
> amounting to different numbers or lines in the sand, why cant we make
> them the same?
>
> Regards,
> -Scott
>
> On 2/10/2017 9:05 PM, Rob Stradling wrote:
> > On 10/02/17 16:44, Ryan Sleevi via Public wrote:
> >> On Fri, Feb 10, 2017 at 8:25 AM, Scott Rea wrote:
> >>
> >>     The reasoning behind the 400 vs some other derivative of 13 months
> >> was
> >>     the 398 was an upper bound (per the logic you have described) plus 2
> >>     extra days were given to account for 398-day anniversary falling on
> a
> >>     week-end, so that the key holders and CAs could address any change
> >>     during normal business hours.
> >
> > Weekends are a regular disruption to business hours, but they aren't the
> > only such disruption during the course of a year.
> >
> > Consider a certificate issued to a US subscriber that expires on
> > Thursday November 23rd 2017.  Normal business hours won't resume until 4
> > days later.
> > http://www.officeholidays.com/countries/usa/
> >
> > Ditto for a certificate issued to a UK subscriber that expires on Friday
> > 14th April 2017.
> > https://www.gov.uk/bank-holidays
> >
> > Would that justify an additional 2 extra days?
> >
>
> --
> Scott Rea, MSc, CISSP
> Ph# (801) 874-4114
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>



-- 
konklone.com | @konklone <https://twitter.com/konklone>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/public/attachments/20170210/f3ff0d00/attachment-0001.html>


More information about the Public mailing list