|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: PKI operators anyone?
At 11:25 AM -0400 9/5/07, Joe Maimon wrote: > >Sounds like what you are saying is that creating validity periods based on expected cracking time is an excerise in futility then. No, what I'm saying is that the cracking time likely shorter than we imagine, and an 80 year root and 15 year issuing certificate expiration may be considered optimistic by some. Again, it also depends on what exactly is the consequences of success versus the maintenance headache. >I dont see verisign roots expiring every five years. I believe that they're on 30 years or so for the root CA certificates, and shorter periods for the intermediates. /John
|