W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2009

Re: STS and lockCA

From: Gervase Markham <gerv@mozilla.org>
Date: Wed, 11 Nov 2009 14:28:42 +0000
Message-ID: <4AFACA1A.40107@mozilla.org>
To: Adam Barth <w3c@adambarth.com>
CC: Bil Corry <bil@corry.biz>, public-webapps@w3.org
On 11/11/09 08:57, Adam Barth wrote:
> Why do we need a browser mechanism for that?  It seems like the site
> can easily compute whatever max-age value it wishes to set.

Not to mention the fact that you normally don't actually want the LockCA
to expire at exactly the same time as the cert, because you don't
normally change certs over the second they expire! One would hope to be
safely on the new cert a week or two before the expiry of the old one -
at which point, the seeminly-simple "expire when cert expires" setting
comes back to bite you.

Received on Wednesday, 11 November 2009 14:29:32 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:20 UTC