W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2009

Re: STS and lockCA

From: Gervase Markham <gerv@mozilla.org>
Date: Wed, 11 Nov 2009 14:28:42 +0000
Message-ID: <4AFACA1A.40107@mozilla.org>
To: Adam Barth <w3c@adambarth.com>
CC: Bil Corry <bil@corry.biz>, public-webapps@w3.org
On 11/11/09 08:57, Adam Barth wrote:
> Why do we need a browser mechanism for that?  It seems like the site
> can easily compute whatever max-age value it wishes to set.

Not to mention the fact that you normally don't actually want the LockCA
to expire at exactly the same time as the cert, because you don't
normally change certs over the second they expire! One would hope to be
safely on the new cert a week or two before the expiry of the old one -
at which point, the seeminly-simple "expire when cert expires" setting
comes back to bite you.

Gerv
Received on Wednesday, 11 November 2009 14:29:32 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:35 GMT