North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: PKI operators anyone?

  • From: John Curran
  • Date: Wed Sep 05 12:32:57 2007

At 11:25 AM -0400 9/5/07, Joe Maimon wrote:
>Sounds like what you are saying is that creating validity periods based on expected cracking time is an excerise in futility then.

No, what I'm saying is that the cracking time likely shorter than
we imagine, and an 80 year root and 15 year issuing certificate
expiration may be considered optimistic by some.  Again, it also
depends on what exactly is the consequences of success versus
the maintenance headache. 

>I dont see verisign roots expiring every five years.

I believe that they're on 30 years or so for the root CA
certificates, and shorter periods for the intermediates.