
Re: Summary, was Re: Every time ..., was Re: General formula



Folks,

This really has gotten out of hand. I admire the dedication of folks who have been applying serious intellectual effort to creating a general formula for cert lifetime as a function of the number of attributes, but ...

As the creator of "Steve's Rule of Revocation" I have to admit that I generated the simple inverse square formula just to make a point, i.e., that, in general, adding attributes to a cert will shorten its effective lifetime and thus is generally a bad idea.

As some have pointed out, a general formula is hard, since one can cite examples where added attributes are so closely linked to existing attributes that the addition has no real effect on expected lifetime. Also, contributors to this thread pointed out early on that it is the attribute with the shortest expected lifetime that governs the lifetime of the cert. So, trying to express the lifetime in terms of a pure attribute count seems futile.

Now, if I had to justify my original formula, I might try the following analogy:

1. Adding attributes to a cert is a generally bad idea. In vernacular terms, it "sucks."

2. Looking to physics for an analogy, we note that, in the vernacular, gravity "sucks."

3. The inverse square law applies to gravitational attraction between bodies.

4. Therefore, the effective lifetime of a certificate is inversely proportional to the inverse square of the number of attributes :-)


Steve