[cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates: User input

Scott Rea scott at scottrea.com
Fri Feb 10 08:48:57 UTC 2017


Generally speaking, I am not opposed to what you are trying to achieve with
your proposal, but I am less encumbered than other Forum members when it
comes to implementation, so I am trying to understand the disruption (from
their perception) that will manifest for them and their customers, should
this proceed.

On 398 vs 400: since you're calling up Parkinson's law, you obviously think
this item trivial. If it's so trivial from your perspective, yet we have at
least a couple of Forum members who have indicated that as their
preference, perhaps you can justify why you're taking such a hard stance on a
trivial item?

As I said, I am happy enough with other parts of the proposal, just this
one "trivial" item gives me pause. The main reason is that other trust
communities who have already implemented policy to limit lifetimes along
the lines of your proposal, have already chosen 400 days as an upper bound
- and that was not done purely for aesthetics, but deliberately to avoid
contention in the community about whose definition of 13 months is correct
e.g. is it 395 or 396 or 398 etc.?

Anyway, my point is, there is another PKI trust community who uses WebPKI,
who already has a 400 day policy - I am asking for the same because it
aligns the two communities.

People like even things, and 400 is just 398 rounded, or 396 rounded or 393
rounded. It also conveys an impression of a standards body who is not all
bent out of shape and pedantic on trivial issues - and as you pointed out,
398 vs 400 is trivial.


On Feb 9, 2017 2:25 PM, "Ryan Sleevi" <sleevi at google.com> wrote:

Parkinson's Law of Triviality

Since we're still discussing this, can you explain why you believe those
two days would or should be sufficient, on their own merits, to cause a
"Yes" to be a "No" or a "No" to be a "Yes"?

On Thu, Feb 9, 2017 at 12:51 PM, Scott Rea <scott at scottrea.com> wrote:

> What is wrong with 400 days instead of 398 Ryan?
> Regards,
> -Scott
> Snip...
> On Feb 9, 2017 12:45 PM, "Ryan Sleevi via Public" <public at cabforum.org>
> wrote:
> What would the world look like if we had required 398 day (nee 13 month)
> certificates from the get-go?