[99098] in North American Network Operators' Group
Re: PKI operators anyone?
daemon@ATHENA.MIT.EDU (John Curran)
Wed Sep 5 12:28:07 2007
In-Reply-To: <46DECA57.6050308@ttec.com>
Date: Wed, 5 Sep 2007 12:22:45 -0400
To: Joe Maimon <jmaimon@ttec.com>
From: John Curran <jcurran@mail.com>
Cc: North American Networking and Offtopic Gripes List <nanog@nanog.org>
Errors-To: owner-nanog@merit.edu
At 11:25 AM -0400 9/5/07, Joe Maimon wrote:
>
>Sounds like what you are saying is that creating validity periods based on expected cracking time is an excerise in futility then.
No, what I'm saying is that the cracking time likely shorter than
we imagine, and an 80 year root and 15 year issuing certificate
expiration may be considered optimistic by some. Again, it also
depends on what exactly is the consequences of success versus
the maintenance headache.
>I dont see verisign roots expiring every five years.
I believe that they're on 30 years or so for the root CA
certificates, and shorter periods for the intermediates.
/John
