[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: time resolution (was Re: six-page binary format draft)

If you have a look at somathing as strong as banking and credit card,
Revocation resolution is 1 (one) day.

> De : Steven Bellovin <smb@research.att.com>
> A : spki@c2.net
> Objet : Re: time resolution (was Re: six-page binary format draft) 
> Date : mardi 25 novembre 1997 13:30
> Our middle name is "Engineering".  "Engineering" means solving a
> problem economically, within a set of constraints.  The trick, of
> course, is knowing which constraints are reasonable and which aren't.
> It's certainly possible to have machines' clocks agree to within a few
> milliseconds.  Is it necessary here?  These are *certificates*, not
> challenge/response values.  I will, of course, point out that
> certificates are used precisely so that full-time online operation
> isn't necessary -- if I can query the authorization center when someone
> presents me with credentials, I don't need the credentials to be
> signed.
> We don't need finer resolution than 1 second.  I suspect we could stick
> with 1 minute, if we wanted to save some space.