On Tue, Jun 4, 2013 at 12:52 PM, Sheehe, Charles J. (GRC-DPC0) < [email protected]> wrote:
> Thanks Trevor.
>
> OK, so if we set the Max Age to 1 day or 10 days or 30 or 90, what are
> the realistic impacts? Increased infrastructure, how much? I have not seen
> the tradeoffs: cost (risks or added infrastructure) vs. benefits.

So, assuming (for sake of discussion) that we wanted *some* spec-defined max-max-age, what are the tradeoffs in choosing it?

Good question. I think you'd want to start by being clear what use cases are in scope. I suggested expanding the scope to include pin-distribution methods like "downloaded lists", "secure links", and "online lookups". It would be fair for the working group to reject that scope expansion, or discuss further.

Then we could look at how the effectiveness of pins varies over time for different use cases. I'd argue that for the expanded use cases, you get diminishing returns on effectiveness after a few weeks, though for the "browser key continuity" use case, it's a different story, so we'd have to decide how to weigh the use cases.

Finally, you'd have to assess how the "dangers" of pinning increase with lifetime, and then subtract the dangers from the benefits to get some "pinning-lifetime-utility" curve. In my mind, this curve is a bell-like thing with a lot of mass between a few weeks and a few months, with 30 days being a good round number in the middle.

At least that's how TACK got there; that's as methodical as we got...

Trevor
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
