[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: General formula

To: "'Ed Gerck'" <egerck@xxxxxxxxxx>
Subject: RE: General formula
From: Alan Lloyd <Alan.Lloyd@xxxxxxxxxxxxxxxxxxxx>
Date: Wed, 2 Jun 1999 16:44:31 +1000
Cc: Bob Blakley <blakley@xxxxxxxxxx>, Graham Klyne <GK@xxxxxxxxxxxxxx>, PKIX <ietf-pkix@xxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxx

Ed I  still do not know how anyone on this planet - even if they
understand this Newton stuff - can predict the life time of a cert.

	snip the cosmic stuff :-)

> Likewise, when I say that "the lifetime of a certificate is inversely
> proportional to the number of its attributes" do I care what the
> application is? What are these attributes representing? About the
> authentication points of the subject, the management of the
> certificate,
> the validation policy environment for the certificate or some data
> that
> the Issuer is providing integrity over? Is it a question of
> application and
> use? NO -- I just care that the *same* situation is used when you vary
> the number of attributes.
> 
> Thus, for the *same* situation (Bible or ticket to Hell), the lifetime
> of a
> certificate will decrease to half if you double the number of
> attributes,
> to one-third if you triple, etc. In other words, it is inversely
> *proportional*.
> If it was 20 years for N attributes, it will be 10 years for 2N
> attributes;
> if it was 20 seconds for N attributes, it will be 10 seconds for 2N
> attributes;
> etc.
> 
	So if I put in certificate a lot more attributes that represent
colours and go from 256 to 1024  makes the certificate not last as long?
	It seems pointless to debate the lifetime of a certificate with
such exactness when its the attribute value, use and context that will
affect its lifetime - and no factual information is provided about this.

	ie I could add another attribute called "Additional Validity
Periods" a Multi valued extension with the summer months for 20 years
put in them.. Here is a clear case of piles of attributes being added
and extending the life of a certficate - not shortening it  - this
feature could even be implied with Policy Ids..

	Oh well :-)

	regards alan

> Of course, this is valid if all the attributes have similar values --
> otherwise,
> just apply the full equation:
> 
> 1/T = 1/T1 + 1/T2 +....1/TN
> 
> But, the usefulness of my comentary does not depend on its
> (inexisting)
> exactness for Ti <> Tj, but because it provides a correct designer
> feeling
> for the decrease of certificate lifetime with the number of attributes
> --
> double the number of attributes and certificate lifetime will likely
> decrease
> to about half of what it was. Not to about one-quarter, or one-tenth.
> 
> Cheers,
> 
> Ed Gerck
> ______________________________________________________________________
> Dr.rer.nat. E. Gerck                                 egerck@mcg.org.br
>   ---  Meta-Certificate Group member -- http://www.mcg.org.br  ---
>

Follow-Ups:
- Every time ..., was Re: General formula
  - From: Ed Gerck

Prev by Date: Re: General formula
Next by Date: RE: Do we need to authenticate error status and nonce information in TSA responses?
Previous by thread: Re: General formula
Next by thread: Every time ..., was Re: General formula
Index(es):
- Date
- Thread