AW: Robot CA at

David Shaw
Sat Dec 7 20:52:02 2002

On Sat, Dec 07, 2002 at 12:47:39PM +0100, Adrian 'Dagurashibanipal' von Bidder wrote:
> On Fri, 2002-12-06 at 18:01, Kyle Hasselbacher wrote:
> > On Fri, Dec 06, 2002 at 10:37:28AM -0600, Kyle Hasselbacher wrote:
> > >[periodic challenges]
> > On second thought, I'd rather expire signatures and make people get new
> > ones.  If your service goes away and stops challenging the users, then the
> > signatures hang around forever.  I'd rather they all expire forever.
> That's why I'd have the signatures expire after a relatively long time
> (5 years or so). So, if the service goes away, there's only a limited
> window where any damage can be done.
> I think 5 years is reasonable - not many people I've known have changed
> their email address frequently, especially the private email address.

My experience is different here - I was thinking a 1-year expiration
was reasonable.  Seems to me that nearly everyone I know is always
mailing me with "I got a new email address".

There is also a simpler reason - anyone who runs any sort of Internet
service (mailing lists, etc.)  knows the problem of people who manage
to get themselves signed up for things without the faintest clue about
how to get un-signed up.  Expiring sooner rather than later lets
people get out of the system painlessly.


   David Shaw
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson