> On Apr 18, 2018, at 11:25 PM, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
>
>> That's just silly. Really, 7.5 years (relative, not absolute) measured in
>> hours is plenty good enough, and more than outlives current device
>> obsolescence. This isn't subject to Moore's law or anything like it.
>
> I don't know what devices you work with, but for the ones where my code is
> used ten years is the baseline life expectancy, going out to 15-20 years for
> longer-life ones (I still have to deal with SSH bugs from the late 1990s,
> because the lifetime of the equipment that's used in is 20 years and counting.
> I think I've finally managed to get away from having to do SSLv3 within the
> last year or two).
>
> OTOH I doubt any of these devices will do pinning, they just bake in the certs
> at manufacture/provisioning, so I'm fine with any kind of lifetime. Just
> wanted to point out, yet again, that the entire world doesn't live in a "we
> can patch the entire deployed base in 24 hours" situation.
Indeed, but if pinning were desired, all the device would have to do is call
the mother ship at least twice per decade, it can then work for multiple
decades.
I agree for many devices that don't wander the web in search of the latest cute
kitten photos, and just "call home", a single fixed cert is a more plausible
security model than either WebPKI or DANE.
--
Viktor.
_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
