Math is not politics, nor religion, nor astrology…
Math can, and should always, be debated; because Math can be proven.
Perhaps, I never claimed to be a Math major.
If you feel I’m over-estimating my results, then show your Math.
I am more than willing to learn the “truth” (especially in Math).
(I did try to show mine)
Math results are not “gut feelings”.
The “gut feeling” may have pointed me to look in this direction; but the “findings” are based on Math.
And the “findings” can be verified or corrected by any Math major, who can accurately determine a comparison of the “worst case” scenarios:
Both UserA and UserB attempt to renew hourly and can successfully get a new cert.
Both users are bound by the same rate limits (5 per week).
They only differ in cert time life span:
UserA gets 30 day certs.
UserB gets 90 day certs.
- How many certs can each user obtain over the same course of time?
[This should be the same answer for both]
- How many concurrent valid certs can each user have?
[This should NOT be the same answer for both]
It is in that difference in the second answer that we can see the overall benefit of the shorter cert life span.
If my Math is off, then it is off; but it can easily be proven what the correct Math answer is.
But the logic/reasoning in the benefit of that difference is sound:
The 90 day cert client would have 3 times as many concurrently valid certs as the 30 day cert client.
That’s 3 times as many OCSP signatures for the exact same misconfigured client.
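
The comparison posed in this post, worked as a simulation (an added example, not part of the original post). It assumes the "5 per week" limit is a sliding 7-day window and a one-year horizon; `simulate` and its parameters are names chosen here.

```python
from collections import deque

def simulate(lifetime_days, horizon_days=365, limit=5, window_days=7):
    """Client retries issuance every hour under a sliding-window rate limit.

    Returns (total_issued, peak_valid, mean_valid_last_window), where the mean
    is taken over the final rate-limit window (steady state).
    """
    window = window_days * 24        # rate-limit window, in hours (assumed sliding)
    lifetime = lifetime_days * 24    # cert validity, in hours
    horizon = horizon_days * 24
    recent = deque()                 # issuance hours still inside the window
    valid = deque()                  # expiry hours of certs that are still valid
    total = peak = tail_sum = 0
    for hour in range(horizon):
        # Issuances older than the window no longer count against the limit.
        while recent and recent[0] <= hour - window:
            recent.popleft()
        # Drop certs whose validity period has ended.
        while valid and valid[0] <= hour:
            valid.popleft()
        # The misconfigured client asks every hour; the CA issues if allowed.
        if len(recent) < limit:
            recent.append(hour)
            valid.append(hour + lifetime)
            total += 1
        peak = max(peak, len(valid))
        if hour >= horizon - window:
            tail_sum += len(valid)
    return total, peak, tail_sum / window

if __name__ == "__main__":
    for name, days in (("UserA", 30), ("UserB", 90)):
        total, peak, mean = simulate(days)
        print(f"{name}: {days}-day certs, issued={total}, "
              f"peak concurrent={peak}, steady-state mean={mean:.1f}")
```

Under these assumptions both users are issued the same number of certs, while the number valid at any one time scales with the lifetime: the steady-state mean is exactly three times higher for the 90 day client, and the peaks are 25 and 65.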