On Fri, Jul 8, 2016 at 6:09 AM, Ilari Liusvaara <ilariliusva...@welho.com> wrote:
> There is validity start time in there, the relative end time would
> be relative to that.
>
> That is, instead of saying "this is valid from t1 to t2", saying "this
> is valid from t to t+dt".
>
> No real preference either way, it was just an experiment to play with
> time notations.

I think either would be fine, but once we start playing with the units (e.g., decaseconds), we're probably likely to increase errors.

The nice thing about (t,dt) is that of the required checks:

    t <= now
    now <= t+dt
    dt <= 7 days

the complex case (doing arithmetic on timestamps, for some value of "complex") has a straightforward backup control with no arithmetic and with comparison to a static value: dt <= 604800. With (t1,t2), the 7 day hard limit is the more complex check.

That said, anyone hacking on security software probably shouldn't screw this up in either case. I'm even struggling to imagine a system library that could lead to unexpected errors here, given that the values are just epoch times.

Kyle
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
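
The checks discussed in the message above, written out for both encodings as an added example (not code from the thread or from any TLS implementation). The function names, the 64-bit epoch-second type and the sample times in main() are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* 7 days in seconds: the static limit quoted in the message. */
#define MAX_VALIDITY_SECS 604800u

/* (t, dt) encoding: start time plus relative lifetime (hypothetical name). */
bool valid_start_duration(uint64_t t, uint64_t dt, uint64_t now)
{
    /* Backup control first: no arithmetic, comparison to a constant. */
    if (dt > MAX_VALIDITY_SECS)
        return false;
    /* t <= now */
    if (t > now)
        return false;
    /* now <= t + dt, written as now - t <= dt. Since t <= now is already
       established, the subtraction cannot underflow and nothing is added
       to an attacker-supplied timestamp. */
    return now - t <= dt;
}

/* (t1, t2) encoding: absolute start and end (hypothetical name). */
bool valid_start_end(uint64_t t1, uint64_t t2, uint64_t now)
{
    /* Reject inverted ranges before subtracting so t2 - t1 cannot wrap. */
    if (t2 < t1)
        return false;
    /* In this encoding the 7 day limit is the check that needs arithmetic. */
    if (t2 - t1 > MAX_VALIDITY_SECS)
        return false;
    return t1 <= now && now <= t2;
}

int main(void)
{
    const uint64_t now = 1467972540ULL;   /* constructed sample time */
    bool ok = valid_start_duration(now - 100, 604800, now)
           && !valid_start_duration(now - 100, 604801, now)  /* dt too long */
           && !valid_start_duration(now + 1, 10, now)        /* not yet valid */
           && !valid_start_duration(now - 11, 10, now)       /* expired */
           && valid_start_end(now - 100, now + 604700, now)
           && !valid_start_end(now - 100, now + 604701, now) /* span too long */
           && !valid_start_end(now + 5, now - 5, now);       /* inverted */
    return ok ? 0 : 1;
}
```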