On Wed, Feb 05, 2014 at 11:23:11PM -0500, Andrew Sullivan wrote:

> Pray tell, how does the application learn the TTL?  What if it
> doesn't, and guesses wrong?

I must plead ignorance of the obstacle; what do you have in mind?

If learning DNS TTLs along with the RRset data is problematic,
application caches should have reasonably short maximum lifetimes.
For an MUA caching an SMIMEA certificate, probably on the order of
7 days or less.  This is substantially shorter than typical PKIX
certificate lifetimes and commensurate with, say, typical Kerberos
ticket renewal lifetimes (another form of short term cached
credentials).

-- 
        Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
