Re: Ben Campbell's Yes on draft-ietf-httpbis-expect-ct-07: (with COMMENT)

Hi Ben,

Thanks for the comments, and apologies for the delay (I've been on parental
leave). I've addressed your comments in
https://github.com/httpwg/http-extensions/commit/7708f6ba2d8841cad9abc5bfc9e663253cb711aa
except for the one about seconds for the reasons that Mark discussed.

Emily

On Wed, Sep 12, 2018 at 9:17 AM Ben Campbell <ben@nostrum.com> wrote:

>
>
> > On Sep 12, 2018, at 11:11 AM, Mark Nottingham <mnot@mnot.net> wrote:
> >
> >
> >
> >> On 12 Sep 2018, at 9:06 am, Ben Campbell <ben@nostrum.com> wrote:
> >>
> >> Hi Mark,
> >>
> >> Just one comment-question :-)
> >>>>
> >
> >>>> §2.1.3: The guidance for max-age in the security considerations
> section
> >>>> suggests 30 days is a good value. But the directive is specified in
> seconds.
> >>>> Does that make sense? Would a 1 second max-age ever be reasonable? Or
> even 30
> >>>> days + 1 second?
> >>>
> >>> Pretty much everything in HTTP is done at second granularity;
> deviating from that would be odd IMO.
> >>
> >> I certainly don’t have all the HTTP uses of time intervals loaded in my
> head--are time intervals on the order of “1 month” commonly used elsewhere?
> >
> > In that sort of syntax, no. The desired semantic is often something like
> that, but the syntax is almost invariably integer-number-of-seconds.
>
> I’m not entirely sure I follow, but I think you are saying that it is
> common to have month-long time intervals that are specified in seconds. Is
> that correct?
>
> In any case, it’s a non-blocking comment. If there’s good reason (e.g.
> “the parsers all already understand seconds”) to do this in seconds I’m
> okay with it.
>
>
> >
> > Cheers,
> >
> >
> >
> > --
> > Mark Nottingham   https://www.mnot.net/
> >
>
>