Thanks Trevor.
Ok so if we set the Max Age to 1 day or 10 days or 30 or 90 so what are the
realistic impacts? Increased Infrastructure how much? I have not seen the
tradeoffs cost (risks or added infrastructure) vs. benefits. I have been reading
the argument pros and cons and the issue does n
On Tue, Jun 4, 2013 at 6:03 AM, Sheehe, Charles J. (GRC-DPC0) <
charles.j.she...@nasa.gov> wrote:
> Why can’t the Max-Max-AGE equal a formula Max age= (average
> usage)*2+1day
>
Hi Charles,
In the case of frequently visited sites, that would shrink pin lifetimes to
the point that even a brief
On Tue, Jun 4, 2013 at 3:04 AM, Tobias Gondrom
wrote:
> Hi Trevor, hi all,
>
> (again no hats)
>
> actually regarding browser lookups of pin lists:
> I rather have the pins work unlimited and all the time even without pin
> lists.
>
> But your idea might in fact be a solution to enable the unlimi
On Tue, Jun 4, 2013 at 4:07 AM, Yoav Nir wrote:
>
> If we want to find out a hash of the public key for an HTTPS server
> using heavy infrastructure, we might as well use DANE, no?
>
If TLSA records have typical DNS TTLs (a few hours or days), then they will
probably be too short-lived to be e
Why can't the Max-Max-AGE equal a formula Max age= (average usage)*2+1day
This should accommodate both and not be the best for either.
Chuck
From: Yoav Nir [mailto:y...@checkpoint.com]
Sent: Tuesday, June 04, 2013 7:08 AM
To: Tobias Gondrom
Cc:
Subject: Re: [websec] Consensus call: Issue #57 (ma
Well. I am not strongly voting for it.
The point is, to have a hard limit of 30 days under the assumption of
the existence of such infrastructure would be worse, because then we
would need to rely on such infrastructure in all normal operation cases.
While with my approach we would need the infras
But doesn't this introduce a lot of infrastructure?
If we want to find out a hash of the public key for an HTTPS server using heavy
infrastructure, we might as well use DANE, no?
Yoav
On Jun 4, 2013, at 1:04 PM, Tobias Gondrom
<tobias.gond...@gondrom.org> wrote:
Hi Trevor, hi all,
(ag
Hi Trevor, hi all,
(again no hats)
actually regarding browser lookups of pin lists:
I rather have the pins work unlimited and all the time even without pin
lists.
But your idea might in fact be a solution to enable the unlimited pin
times.
Instead of constantly distributing the list of pins, we