[cabfpub] Certificate lifetimes: end state or trajectory?

Gervase Markham gerv at mozilla.org
Fri Mar 10 05:34:06 MST 2017


On 03/03/17 19:07, Geoff Keating wrote:
> If we’re setting out a roadmap, and the end point of the road map is
> 13 months, I would ask what 13 months gives us that 27 or 39 doesn’t;
> and why stop at 13 months rather than some other number?  Why not
> keep going all the way to 90 days or 30 days or 7 days?

Well, because people's crystal balls are only so clear, and 7 days would
be a long, long way away even if it were a target.

I am asserting that if we pass a "27 months only" ballot now, people
would be very surprised if in six months time we then published a
"...and 13 months a little while after that" ballot. If in fact you
think this wouldn't surprise people and would be totally fine, say so.
But my suggestion is that if we plan to continue reducing, we need to
say so.

> I’d rather be having a discussion about the end state.  If the vision
> is that all devices should automatically acquire and renew
> certificates, when is a practical date for that vision to be
> realized?  

No-one knows yet. Which is why we can't have a dated roadmap to it.

> And what benefits does it give that makes it worth the
> substantial effort to implement?

Many have been articulated already; did you miss them, or are you asking
for them to be re-summarised?

Gerv



More information about the Public mailing list