You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, the default ARI window is a 24-hour period centered around the point 2/3rds of the way through the certificate's validity period. For 90-day certs, that works great, giving clients a wide suggested window and a whole month to recover if renewal fails.
But that doesn't work so well for 6-day certs. A 24-hour-wide window is too large to be meaningful, and 1/3rd of the lifetime before expiration is only about two days to recover from failure.
Therefore, for short-lived certs, we should suggest a narrower window at an earlier point in the validity period. The current proposal is a 1-hour-wide window at the 50% mark. Whether this is achieved by scaling the window width and target point linearly with the validity period, or by hardcoding a cutoff, is still up in the air.
The text was updated successfully, but these errors were encountered:
Currently, the default ARI window is a 24-hour period centered around the point 2/3rds of the way through the certificate's validity period. For 90-day certs, that works great, giving clients a wide suggested window and a whole month to recover if renewal fails.
But that doesn't work so well for 6-day certs. A 24-hour-wide window is too large to be meaningful, and 1/3rd of the lifetime before expiration is only about two days to recover from failure.
Therefore, for short-lived certs, we should suggest a narrower window at an earlier point in the validity period. The current proposal is a 1-hour-wide window at the 50% mark. Whether this is achieved by scaling the window width and target point linearly with the validity period, or by hardcoding a cutoff, is still up in the air.
The text was updated successfully, but these errors were encountered: