Re: 6-day TLS certificates from Let's Encrypt

Liste des GroupesRevenir à c misc 
Sujet : Re: 6-day TLS certificates from Let's Encrypt
De : invalid (at) *nospam* invalid.invalid (Richard Kettlewell)
Groupes : comp.misc
Date : 12. Dec 2024, 11:03:29
Autres entêtes
Organisation : terraraq NNTP server
Message-ID : <wwved2dtdzi.fsf@LkoBDZeT.terraraq.uk>
References : 1 2 3
User-Agent : Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
Rich <rich@example.invalid> writes:
Given Chrome's "insecure" branding in the URL bar from the "make
everything https" push some years back, there are far fewer who are
not using it.
>
But six day expiry dates, that just sounds insane.

I suspect six days is chosen to be one day shorter than the one-week
OCSP timeout they quote in their blog post about revocation[1]. So, they
can sunset OCSP support and at the same time improve revocation
performance and effectiveness (it fails open, so it doesn’t work against
a well-positioned attacker).

  [1] https://letsencrypt.org/2022/09/07/new-life-for-crls/

--
https://www.greenend.org.uk/rjk/

Date Sujet#  Auteur
12 Dec 24 * 6-day TLS certificates from Let's Encrypt11Salvador Mirzo
12 Dec 24 +* Re: 6-day TLS certificates from Let's Encrypt9Rich
12 Dec 24 i+* Re: 6-day TLS certificates from Let's Encrypt4Broseki
12 Dec 24 ii`* Re: 6-day TLS certificates from Let's Encrypt3Lawrence D'Oliveiro
13 Dec 24 ii +- Re: 6-day TLS certificates from Let's Encrypt1Richard Kettlewell
13 Dec 24 ii `- Re: 6-day TLS certificates from Let's Encrypt1Lawrence D'Oliveiro
12 Dec 24 i+- Re: 6-day TLS certificates from Let's Encrypt1Richard Kettlewell
13 Dec 24 i`* Re: 6-day TLS certificates from Let's Encrypt3Theo
13 Dec 24 i +- Re: 6-day TLS certificates from Let's Encrypt1Lawrence D'Oliveiro
15 Dec 24 i `- Re: 6-day TLS certificates from Let's Encrypt1Eli the Bearded
12 Dec 24 `- Re: 6-day TLS certificates from Let's Encrypt1Lawrence D'Oliveiro

Haut de la page

Les messages affichés proviennent d'usenet.

NewsPortal