On Wed, Apr 18, 2018 at 11:34:14PM -0400, Viktor Dukhovni wrote:
> > On Apr 18, 2018, at 11:25 PM, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote:
> >
> >> That's just silly. Really, 7.5 years (relative, not absolute) measured in
> >> hours is plenty good enough, and more than outlives current device
> >> obsolescence. This isn't subject to Moore's law or anything like it.
> >
> > I don't know what devices you work with, but for the ones where my code is
> > used ten years is the baseline life expectancy, going out to 15-20 years for
> > longer-life ones (I still have to deal with SSH bugs from the late 1990s,
> > because the lifetime of the equipment that's used in is 20 years and
> > counting.
> > I think I've finally managed to get away from having to do SSLv3 within the
> > last year or two).
> >
> > OTOH I doubt any of these devices will do pinning, they just bake in the
> > certs at manufacture/provisioning, so I'm fine with any kind of lifetime. Just
> > wanted to point out, yet again, that the entire world doesn't live in a "we
> > can patch the entire deployed base in 24 hours" situation.
>
> Indeed, but if pinning were desired, all the device would have to do
> is call the mother ship at least twice per decade, it can then work
> for multiple decades.

Exactly.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls