So Peter’s proposal of 398 days is 1 regular year + 1 31-day month + 2 extra days, OR 1 leap year + 1 31-day month + 1 extra day. So 398 days is always more than 13 months – in some cases, 5 days more than 13 months (365+28 days = 393 days).
I don’t understand what problem this proposal is intended to address. If a CA sticks with “13 months” it should always end up with fewer than 398 days. Peter, are you proposing a more liberal “safe harbor” for CAs so they don’t have to program for odd numbers of days in months or years? If one goal of the proposal is to try to get to a more uniform interpretation of what 13 (or 39) months is, we can add a rule to the BRs like the following: If any provision in these requirements permits or requires a time period stated in months, CAs shall calculate the time period as follows: (a) The hour, minute, and second of the end of the time period shall be the same as for the start of the time period. (b) The month of the end of the time period shall be the specified number of months ahead of the month of the start of the time period. (c) The date of the end of the time period shall be the same date as the start of the time period, unless there is no equivalent date for the month at the end of the time period. In that event, the CA shall choose the closest available date that exists for the month at the end of the time period. Examples: 13 Month Period (Start of Period – End of Period) 2016-04-16 12:00:01 - 2017-05-16 12:00:01 2016-03-31 12:35:16 - 2016-04-30 12:35:16 2015-01-31 04-06-55 - 2015-02-29 04-06-55 2016-01-31 04-06-55 - 2017-02-28 04-06-55 Something like that should bring uniformity among all CAs. Look, I’m not passionate about this, but I don’t understand where the proposal is coming from. Has anyone been asking for validity periods or revetting periods to be set in number of days rather than months? From: Public [mailto:[email protected]] On Behalf Of Eric Mill via Public Sent: Sunday, February 5, 2017 3:05 PM To: CA/Browser Forum Public Discussion List <[email protected]> Cc: Eric Mill <[email protected]> Subject: Re: [cabfpub] Durations Just to try to +1 Jacob's point by summing it up -- by requiring a maximum of 398 days, CAs can continue to safely issue any "human-friendly" form of 13 month renewals, in ways that don't cause calendar drift. Any such human-intuitive strategy will be guaranteed to stay under 398 days, and then clients/tools that enforce compliance can take the computer-intuitive strategy of checking if the cert's valid for 398 days or less. -- Eric On Sun, Feb 5, 2017 at 4:56 PM, Jacob Hoffman-Andrews via Public <[email protected]<mailto:[email protected]>> wrote: On Sun, Feb 5, 2017 at 1:34 PM, Kirk Hall via Public <[email protected]<mailto:[email protected]>> wrote: Many of us have complex validation and issuance programming already based on months and anniversaries, and there doesn't seem to be a good reason to reprogram all this to a set number of days Peter's proposal wouldn't require you to reprogram any of that, because it is strictly more permissive than the months / anniversaries code you already have. The best approach would be to continue what you are doing, and always issue on the first of the month or some other anniversary. Then you get the human-readable benefit, and would be sure that you are within the 398 day period. - plus, again, it's harder for humans to calculate the last time or the next time a task had to be done. That's my opinion. The 398 day period (vs 365 days) is specifically intended to give the wiggle room needed for subscribers and CAs to be able to schedule a renewal at the same time each year. If you always schedule your renewal for March 1 every year, you would still be able to do that just fine, and have a month (or ~31 days) of leeway. > Should be easy to reach agreement on what 13 months means, and how to measure > it. Yep, that's the topic of this thread! Peter is proposing that the easiest way to measure 13 months is to define it as 398 days. I think you will find broad consensus among programmers that it's easier to reliably measure periods in terms of days than in terms of months. Another way to think of this: The goal is to renew every year (~365 days), but give people some leeway so they can keep the renewal on the same date. If we make that leeway 32 days, everything works out nicely. _______________________________________________ Public mailing list [email protected]<mailto:[email protected]> https://cabforum.org/mailman/listinfo/public -- konklone.com<https://konklone.com> | @konklone<https://twitter.com/konklone>
_______________________________________________ Public mailing list [email protected] https://cabforum.org/mailman/listinfo/public
