[cabfpub] Durations

[Eric Mill]

Just to try to +1 Jacob's point by summing it up -- by requiring a maximum
of 398 days, CAs can continue to safely issue any "human-friendly" form of
13 month renewals, in ways that don't cause calendar drift.

Any such human-intuitive strategy will be guaranteed to stay under 398
days, and then clients/tools that enforce compliance can take the
computer-intuitive strategy of checking if the cert's valid for 398 days or
less.

-- Eric

On Sun, Feb 5, 2017 at 4:56 PM, Jacob Hoffman-Andrews via Public <
public at cabforum.org> wrote:

> On Sun, Feb 5, 2017 at 1:34 PM, Kirk Hall via Public <public at cabforum.org>
> wrote:
>
>> Many of us have complex validation and issuance programming already based
>> on months and anniversaries, and there doesn't seem to be a good reason to
>> reprogram all this to a set number of days
>
>
> Peter's proposal wouldn't require you to reprogram any of that, because it
> is strictly more permissive than the months / anniversaries code you
> already have. The best approach would be to continue what you are doing,
> and always issue on the first of the month or some other anniversary. Then
> you get the human-readable benefit, and would be sure that you are within
> the 398 day period.
>
>
>> - plus, again, it's harder for humans to calculate the last time or the
>> next time a task had to be done.  That's my opinion.
>>
>
> The 398 day period (vs 365 days) is specifically intended to give the
> wiggle room needed for subscribers and CAs to be able to schedule a renewal
> at the same time each year. If you always schedule your renewal for March 1
> every year, you would still be able to do that just fine, and have a month
> (or ~31 days) of leeway.
>
> > Should be easy to reach agreement on what 13 months means, and how to
> measure it.
>
> Yep, that's the topic of this thread! Peter is proposing that the easiest
> way to measure 13 months is to define it as 398 days. I think you will find
> broad consensus among programmers that it's easier to reliably measure
> periods in terms of days than in terms of months.
>
> Another way to think of this: The goal is to renew every year (~365 days),
> but give people some leeway so they can keep the renewal on the same date.
> If we make that leeway 32 days, everything works out nicely.
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
>


-- 
konklone.com | @konklone <https://twitter.com/konklone>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20170205/667fb772/attachment-0003.html>