Re: [websec] Consensus call: Issue #57 (max-max-age)

Trevor Perrin <trevp@trevp.net> Tue, 04 June 2013 17:42 UTC


On Tue, Jun 4, 2013 at 6:03 AM, Sheehe, Charles J. (GRC-DPC0) <
charles.j.sheehe@nasa.gov> wrote:

> Why can’t the Max-Max-AGE equal a formula Max age = (average
> usage)*2+1day
>

Hi Charles,

In the case of frequently visited sites, that would shrink pin lifetimes to
the point that even a brief interruption of browsing habits (vacation,
etc.) would deactivate the pins.

Also, that wouldn't guarantee an upper bound on pin lifetimes.  While
opinions differ on this, I think a guaranteed upper bound is desirable, to
provide sites clarity on how long ill-effects from pinning might last.


Trevor