mornin' oliver, > This most likely would set a bad example for others that might start > issuing certificates with “infinite” life spans.
'zactly > In this regards what about a Validity of 365 days within the > example. This seems feasible to me. >> of course that leaves open what lifetime to recommend. we're not >> gonna do oscp, but rather withdraw from the rpki. so to keep from >> making too much bgp noise, let me toss out O(year) to start the >> discussion. i can live with a year. i will be interested if others comment. i have a vague memory of talking about this before. one needs to deploy the replacement key in advance, as it can take some time to propagate to the far corners of the internet. and one probably does not want to reannounce all one's routes at once. a small i-d may be in order. randy _______________________________________________ sidr mailing list [email protected] https://www.ietf.org/mailman/listinfo/sidr
