> On Feb 24, 2017, at 3:33 PM, David Illsley <[email protected]> wrote:
>
> I think I agree with where you've got to, but I do want to clarify
> that I think it's important that a shorter refresh period doesn't
> shorten the policy expiry - we want a 6 month policy to be cached
> and relied on for 6 months, even if, for most of that 6 months an
> attacker is blocking a more frequent DNS policy check.
That's a given, modulo local policy on the sending side that might
set a lower ceiling on the length of time for which policies are
allowed to be cached. Remote systems should not be able to force
cache storage indefinitely. The effective cache lifetime will be
the lower of the remotely requested lifetime and the local policy
ceiling.
Refresh failure with periodic probing does not invalidate already
cached unexpired data.
If you feel this needs to be said explicitly, that's OK. It seemed
pretty obvious to me.
--
Viktor.
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
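As an added illustration of the caching rule discussed in the reply above (example code, not from the thread or from any existing implementation): a minimal sender-side policy cache in Python, where the effective lifetime is the lower of the remotely requested lifetime and a local ceiling, and a failed refresh leaves unexpired cached data in place. Class, method and domain names are constructed for the example; the clock is injectable so the behaviour can be checked without waiting.

```python
import time


class PolicyCache:
    """Sender-side cache of remote domains' policies (constructed example).

    Two rules from the discussion:
      * effective lifetime = min(remote requested lifetime, local ceiling),
        so a remote system cannot force indefinite caching;
      * a failed refresh (e.g. a blocked DNS check) never invalidates
        data that is cached and not yet expired.
    """

    def __init__(self, local_ceiling_seconds, clock=time.time):
        self.local_ceiling = local_ceiling_seconds
        self.clock = clock
        self._entries = {}  # domain -> (policy, expires_at)

    def effective_lifetime(self, requested_seconds):
        # Local policy sets the upper bound on how long anything is cached.
        return min(requested_seconds, self.local_ceiling)

    def store(self, domain, policy, requested_seconds):
        expires_at = self.clock() + self.effective_lifetime(requested_seconds)
        self._entries[domain] = (policy, expires_at)
        return expires_at

    def lookup(self, domain):
        entry = self._entries.get(domain)
        if entry is None:
            return None
        policy, expires_at = entry
        if self.clock() >= expires_at:
            del self._entries[domain]  # expired: drop it, do not rely on it
            return None
        return policy

    def refresh(self, domain, fetch):
        """Try fetch(domain) -> (policy, requested_seconds); it may raise.

        On failure the unexpired cached policy (if any) is returned unchanged.
        """
        try:
            policy, requested_seconds = fetch(domain)
        except Exception:
            return self.lookup(domain)  # refresh failure keeps cached data
        self.store(domain, policy, requested_seconds)
        return policy
```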