[cabfpub] Draft Ballot 185 - Limiting the Lifetime of Certificates: User input

Ryan Sleevi sleevi at google.com
Fri Feb 10 17:36:42 UTC 2017


On Fri, Feb 10, 2017 at 9:23 AM, Scott Rea <scott at scottrea.com> wrote:

> Ryan, I think I may have missed something in your earlier argument
> because I don't agree that 398 is an "...objective technical value".
> Isn't 398 just your representation of an upper bound on 13 months?
>

No. It was chosen for precise technical considerations. You can see them
enumerated in
https://cabforum.org/pipermail/public/2017-February/009449.html

398 days represents the maximum validity period that accounts for all
possible 'special' cases - leap years, 31-day months, and leap seconds
(which might cause rounding errors). It is the smallest possible value
which is difficult to get right.


> When introducing new policies, doesn't it behoove us to take a look at
> other trust communities who may have already tried to solve the same
> issue to see if there is anything we can learn, rather than reinventing
> the wheel every time?
>

I do think this is very valuable, but you have yet to show anything that
we can or should learn - that is, objective technical value. You've shared
with us that another community chose 400 days, but you've yet to advance
any reasonable technical consideration as to why 400 is better,
objectively, than 398. The only argument that has so far not been shown as
incorrect is the aesthetic one.


> Your 398 is NOT objective, it's arbitrary, just as 400 is arbitrary.
> Choosing 398 increases the burden of implementation for some CAs,
> choosing 400 reduces the burden for some CAs, as such, I don't see 398
> as the best choice.
>

It sounds like you may have missed Peter's message, but hopefully that
clarifies why 398 is objective. Similarly, the original discussion about
why "13 months" rather than "12 months" was already captured in
https://cabforum.org/pipermail/public/2017-January/009380.html

Hopefully that clarifies any confusion and better explains why I still
don't believe any change is necessary to accommodate your wish.
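
The calendar arithmetic behind the 398-day figure can be checked by brute force. The following is an added example, not part of the original message or the linked derivation: it finds the longest span of 13 calendar months over a full 400-year Gregorian cycle, and assumes the remaining day is slack for leap seconds and rounding. The function names and the sample validity period are constructed for illustration.

```python
import calendar
from datetime import date, datetime, timedelta

def add_months(d: date, months: int) -> date:
    """Same day-of-month `months` later, clamped to the target month's length."""
    year, month0 = divmod(d.year * 12 + (d.month - 1) + months, 12)
    day = min(d.day, calendar.monthrange(year, month0 + 1)[1])
    return date(year, month0 + 1, day)

def longest_span_days(months: int, first_year: int = 2000, years: int = 400):
    """Return (days, start) for the longest span of `months` calendar months,
    trying every start date in a full 400-year Gregorian cycle."""
    best_days, best_start = 0, None
    d, end = date(first_year, 1, 1), date(first_year + years, 1, 1)
    while d < end:
        span = (add_months(d, months) - d).days
        if span > best_days:
            best_days, best_start = span, d
        d += timedelta(days=1)
    return best_days, best_start

def within_limit(not_before: datetime, not_after: datetime, limit_days: int) -> bool:
    """True if the validity period is no longer than `limit_days` whole days."""
    return not_after - not_before <= timedelta(days=limit_days)

if __name__ == "__main__":
    days, start = longest_span_days(13)
    print(f"longest 13-month span: {days} days, first seen starting {start}")
    # Constructed validity period: 13 months from 2016-01-01, with notAfter
    # set to the end of the final day rather than its start.
    nb = datetime(2016, 1, 1, 0, 0, 0)
    na = datetime(2017, 2, 1, 23, 59, 59)
    print("fits in 397 days:", within_limit(nb, na, days))
    print("fits in 398 days:", within_limit(nb, na, days + 1))  # +1 day slack is an assumption
```

A leap year plus a 31-day month gives the 397-day maximum, and a notAfter rounded to the end of its final day only fits once the extra day is allowed.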