Subject : Re: 6-day TLS certificates from Let's Encrypt
From : broseki (at) *nospam* whitetail.is (Broseki)
Newsgroups : comp.misc
Date : 12. Dec 2024, 02:05:24
Organization : NewsgroupDirect
Message-ID : <1810487515d7ada1$4727$2365644$4296dcc3@news.newsgroupdirect.com>
References : 1 2 3
User-Agent : Usenapp for MacOS
On Dec 11, 2024 at 7:28:38 PM EST, "Rich" <rich@example.invalid> wrote:

> D <noreply@mixmin.net> wrote:
>> On Wed, 11 Dec 2024 20:27:37 -0300, Salvador Mirzo <smirzo@example.com> wrote:
>>> Let's Encrypt is planning a 6-day TLS certificate for next year.
>>>
>>> Our longstanding offering won't fundamentally change next year, but we
>>> are going to introduce a new offering that's a big shift from anything
>>> we've done before - short-lived certificates. Specifically,
>>> certificates with a lifetime of six days. This is a big upgrade for
>>> the security of the TLS ecosystem because it minimizes exposure time
>>> during a key compromise event.
>>>
>>> Source:
>>> https://letsencrypt.org/2024/12/11/eoy-letter-2024/
>>
>> seems like everyone is using tls . . . is there anyone "not" using it?
>
> Given Chrome's "insecure" branding in the URL bar from the "make
> everything https" push some years back, there are far fewer who are not
> using it.
>
> But six day expiry dates, that just sounds insane.

I have been running 2-day TTL certs for some services I run. It is not bad at
all with ACME since things just renew in the background; and it really helps
cut down on the possible impact of a compromised cert.
Without ACME though, no way it would be possible XD