Re: Ben Campbell's Yes on draft-ietf-httpbis-expect-ct-07: (with COMMENT) from Ben Campbell on 2018-09-12 (ietf-http-wg@w3.org from July to September 2018)

From: Ben Campbell <ben@nostrum.com>
Date: Wed, 12 Sep 2018 11:17:25 -0500
To: Mark Nottingham <mnot@mnot.net>
Cc: The IESG <iesg@ietf.org>, draft-ietf-httpbis-expect-ct@ietf.org, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <C5873087-B8C2-4AF1-A09A-F4803D2A2079@nostrum.com>

> On Sep 12, 2018, at 11:11 AM, Mark Nottingham <mnot@mnot.net> wrote:
> 
> 
> 
>> On 12 Sep 2018, at 9:06 am, Ben Campbell <ben@nostrum.com> wrote:
>> 
>> Hi Mark,
>> 
>> Just one comment-question :-)
>>>> 
> 
>>>> §2.1.3: The guidance for max-age in the security considerations section
>>>> suggests 30 days is a good value. But the directive is specified in seconds.
>>>> Does that make sense? Would a 1 second max-age ever be reasonable? Or even 30
>>>> days + 1 second?
>>> 
>>> Pretty much everything in HTTP is done at second granularity; deviating from that would be odd IMO.
>> 
>> I certainly don’t have all the HTTP uses of time intervals loaded in my head--are time intervals on the order of “1 month” commonly used elsewhere?
> 
> In that sort of syntax, no. The desired semantic is often something like that, but the syntax is almost invariably integer-number-of-seconds.

I’m not entirely sure I follow, but I think you are saying that it is common to have month-long time intervals that are specified in seconds. Is that correct?

In any case, it’s a non-blocking comment. If there’s good reason (e.g. “the parsers all already understand seconds”) to do this in seconds I’m okay with it.


> 
> Cheers,
> 
> 
> 
> --
> Mark Nottingham   https://www.mnot.net/
>

Received on Wednesday, 12 September 2018 16:38:19 UTC