Nico Williams <n...@cryptonector.com> writes:

>That's just silly. Really, 7.5 years (relative, not absolute) measured in
>hours is plenty good enough, and more than outlives current device
>obsolescence. This isn't subject to Moore's law or anything like it.

I don't know what devices you work with, but for the ones where my code is used ten years is the baseline life expectancy, going out to 15-20 years for longer-life ones (I still have to deal with SSH bugs from the late 1990s, because the lifetime of the equipment it's used in is 20 years and counting. I think I've finally managed to get away from having to do SSLv3 within the last year or two).

OTOH I doubt any of these devices will do pinning, they just bake in the certs at manufacture/provisioning, so I'm fine with any kind of lifetime. Just wanted to point out, yet again, that the entire world doesn't live in a "we can patch the entire deployed base in 24 hours" situation.

peter.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls