[cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates: User input

Ryan Sleevi sleevi at google.com
Fri Feb 10 08:51:49 MST 2017


On Fri, Feb 10, 2017 at 12:48 AM, Scott Rea <scott at scottrea.com> wrote:
>
> On 398 vs 400: since you're calling up Parkinson's law, you obviously think
> this item trivial. If it's so trivial from your perspective, yet we have at
> least a couple of Forum members who have indicated that as their
> preference, perhaps you can justify why you're taking such a hard stance on a
> trivial item?
>

Let's not misrepresent things, Scott.

By my measures, only a single measure suggested support for your proposal -
https://cabforum.org/pipermail/public/2017-February/009487.html - but it
wasn't a hard blocker.

So we really are talking about painting a bikeshed, and we really should be
making decisions informed by data or for objective reasons, not just for
pretty numbers.


> As I said, I am happy enough with other parts of the proposal, just this
> one "trivial" item gives me pause. The main reason is that other trust
> communities who have already implemented policy to limit lifetimes along
> the lines of your proposal, have already chosen 400 days as an upper bound
> - and that was not done purely for aesthetics, but deliberately to avoid
> contention in the community about whose definition of 13 months is correct
> e.g. is it 395 or 396 or 398 etc.?
>

Except 398 days avoids that confusion. So the only remaining difference -
between 398 days and 400 - is purely aesthetic.


> Anyway, my point is, there is another PKI trust community who uses WebPKI,
> who already has a 400 day policy - I am asking for the same because it
> aligns the two communities.
>

Explain to me what value that alignment provides, especially since that's
not a community involved with the CA/Browser Forum?

That's akin to making the argument that because red cars are known to be
faster, we should all own red cars. The premise it rests on is flawed, but
so too is the (il)logical conclusion.


> People like even things, and 400 is just 398 rounded, or 396 rounded or
> 393 rounded. It also conveys an impression of a standards body who is not
> all bent out of shape and pedantic on trivial issues - and as you pointed
> out, 398 vs 400 is trivial.
>

I would think the fact that we still have a thread about 400 vs 398
suggests that some members very much are bent out of shape and pedantic on
trivial issues.

Given that the Ballot was put forward at 398 days, precisely because you
offered no evidence as to the value or significance of 398 vs 400 (and have
still been unable to), is your suggestion that the appearances of this
community are best served by withdrawing the ballot to accommodate your
aesthetic desires? Don't you think that will have a greater impact as to
the negative appearances that you raise concern for?