Hello,

Reading RFC 8461 again and again, I find no answer to "is there a minimum 
value?"

https://tools.ietf.org/html/rfc8461#section-3.2 says

      "max_age": Max lifetime of the policy (plaintext non-negative
      integer seconds, maximum value of 31557600).  Well-behaved clients
      SHOULD cache a policy for up to this value from the last policy
      fetch time. To mitigate the risks of attacks at policy refresh
      time, it is expected that this value typically be in the range of
      weeks or greater.

The RFC defines a maximum but only an expectation for the minimum :-/

There are not that many implementations in use. What do implementers think about 
this?
How do you handle max_age > 31557600 and do you require any minimum value for 
max_age?

postfix-mta-sts-resolver, for example, requires only a value >= 0.
https://github.com/Snawoot/postfix-mta-sts-resolver/blob/c7b3d179fb10277f9bcdc77e7cd91627c879a48b/postfix_mta_sts_resolver/resolver.py#L144

Andreas

_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
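
One way a client could treat the two open cases raised in the message above (max_age above 31557600, and a local minimum), as an added example that is not part of the original message or of postfix-mta-sts-resolver. The `over_max` and `local_floor` parameters and the sample policies are assumptions; RFC 8461 does not prescribe either behaviour.

```python
import re

RFC_MAX_AGE = 31557600  # maximum value stated in RFC 8461 section 3.2


def parse_max_age(policy_text):
    """Return max_age from an MTA-STS policy body as int, or None if absent/invalid."""
    for line in policy_text.splitlines():  # handles both LF and CRLF
        key, sep, value = line.partition(":")
        if sep and key.strip() == "max_age":
            value = value.strip()
            # "plaintext non-negative integer": ASCII digits only, no sign
            return int(value) if re.fullmatch(r"[0-9]+", value) else None
    return None


def cache_lifetime(policy_text, over_max="clamp", local_floor=0):
    """Decide how long to cache a policy.

    over_max and local_floor are local choices (assumptions), not RFC rules:
      over_max    "clamp" caps values above RFC_MAX_AGE, "reject" drops the policy
      local_floor minimum accepted max_age; 0 mirrors a plain ">= 0" check
    Returns (seconds, reason); seconds is None when the policy is not cached.
    """
    age = parse_max_age(policy_text)
    if age is None:
        return None, "missing or malformed max_age"
    if age > RFC_MAX_AGE:
        if over_max == "reject":
            return None, "max_age above RFC maximum"
        return RFC_MAX_AGE, "clamped to RFC maximum"
    if age < local_floor:
        return None, "max_age below local floor"
    return age, "ok"


# Constructed sample policy (mail.example.com is a placeholder)
SAMPLE = "version: STSv1\nmode: enforce\nmx: mail.example.com\nmax_age: {}\n"

if __name__ == "__main__":
    for value in ("604800", "0", "99999999", "-1", "1e6"):
        print(value, cache_lifetime(SAMPLE.format(value), local_floor=86400))
```

With `local_floor=0` a policy carrying `max_age: 0` is accepted and expires immediately, which is the refresh-time exposure the quoted RFC text warns about; a non-zero floor turns that into an explicit rejection a receiver can log.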
