Re: Ben Campbell's Yes on draft-ietf-httpbis-expect-ct-07: (with COMMENT) from Mark Nottingham on 2018-09-12 (ietf-http-wg@w3.org from July to September 2018)

From: Mark Nottingham <mnot@mnot.net>
Date: Wed, 12 Sep 2018 09:11:58 -0700
To: Ben Campbell <ben@nostrum.com>
Cc: The IESG <iesg@ietf.org>, draft-ietf-httpbis-expect-ct@ietf.org, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <344BD18A-D940-41E3-89C5-C532EA2AE9FD@mnot.net>

> On 12 Sep 2018, at 9:06 am, Ben Campbell <ben@nostrum.com> wrote:
> 
> Hi Mark,
> 
> Just one comment-question :-)
>>> 

>>> §2.1.3: The guidance for max-age in the security considerations section
>>> suggests 30 days is a good value. But the directive is specified in seconds.
>>> Does that make sense? Would a 1 second max-age ever be reasonable? Or even 30
>>> days + 1 second?
>> 
>> Pretty much everything in HTTP is done at second granularity; deviating from that would be odd IMO.
> 
> I certainly don’t have all the HTTP uses of time intervals loaded in my head--are time intervals on the order of “1 month” commonly used elsewhere?

In that sort of syntax, no. The desired semantic is often something like that, but the syntax is almost invariably integer-number-of-seconds.

Cheers,



--
Mark Nottingham   https://www.mnot.net/

Received on Wednesday, 12 September 2018 16:12:25 UTC