Hi Randy, The intention from my side to have the “200+ years” was based on my private dislike to see an example one could actually use in X years where X > now() and the certificate would be expired. Said that, this is my personal preference but I get your point. This most likely would set a bad example for others that might start issuing certificates with “infinite” life spans.
In this regards what about a Validity of 365 days within the example. This seems feasible to me. Oliver On 1/12/17, 8:47 AM, "Randy Bush" <[email protected]> wrote: > Validity > Not Before: Jan 10 19:55:44 2017 GMT > Not After : Oct 25 19:55:44 2290 GMT ok, i blew it and gave no guidance in bgpsec-ops. i guess this doc would be as good a place as any. of course that leaves open what lifetime to recommend. we're not gonna do oscp, but rather withdraw from the rpki. so to keep from making too much bgp noise, let me toss out O(year) to start the discussion. i am still staring at the bgpsec message randy _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
