[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: time resolution (was Re: six-page binary format draft)
If you have a look at somathing as strong as banking and credit card,
Revocation resolution is 1 (one) day.
----------
> De : Steven Bellovin <smb@research.att.com>
> A : spki@c2.net
> Objet : Re: time resolution (was Re: six-page binary format draft)
> Date : mardi 25 novembre 1997 13:30
>
> Our middle name is "Engineering". "Engineering" means solving a
> problem economically, within a set of constraints. The trick, of
> course, is knowing which constraints are reasonable and which aren't.
>
> It's certainly possible to have machines' clocks agree to within a few
> milliseconds. Is it necessary here? These are *certificates*, not
> challenge/response values. I will, of course, point out that
> certificates are used precisely so that full-time online operation
> isn't necessary -- if I can query the authorization center when someone
> presents me with credentials, I don't need the credentials to be
> signed.
>
> We don't need finer resolution than 1 second. I suspect we could stick
> with 1 minute, if we wanted to save some space.