cacert-sysadm AT lists.cacert.org
Subject: CAcert System Admins discussion list
List archive
- From: Philipp Guehring <philipp AT cacert.org>
- To: cacert-sysadm AT lists.cacert.org
- Cc: Martijn Brinkers <martijn AT djigzo.com>
- Subject: Re: thinking about CRL download cycle times
- Date: Wed, 30 Jun 2010 09:24:56 +0200
- Authentication-results: lists.cacert.org; dkim=pass (1024-bit key) header.i= AT cacert.org; dkim-asp=none
Hi,
It's an interesting question from a policy point of view. What is the
recommended time for a CRL download cycle?
The current CRL lifetime is 1 week.
In case of problems with the servers, we need time for a
datacenter-visit to analyze and fix a problem. Datacenter visits cost
time to organize (4 eyes principle) and execute. Also emergency
situations like a broken server have to be calculated in, where new
hardware has to be organized, ...
So 1 week is a reasonable expiration time from my point of view.
Regarding the recommended download cycle, I think the users will know
better how fresh they want it for their specific application anyway.
Recommending something there won't help much, and will most likely not be read anyway.
Best regards,
Philipp Gühring
- Re: thinking about CRL download cycle times, Philipp Guehring, 06/30/2010
Archive powered by MHonArc 2.6.16.