Subject: Re: Website Certs Will Soon Last Only 47 Days
From: ldo (at) *nospam* nz.invalid (Lawrence D'Oliveiro)
Newsgroups: comp.misc
Date: 14. Apr 2025, 23:28:44
Other headers
Organization: A noiseless patient Spider
Message-ID: <vtk26r$295ku$1@dont-email.me>
References: 1
User-Agent: Pan/0.162 (Pokrosvk)
On Fri, 11 Apr 2025 22:32:56 -0000 (UTC), I wrote:

> For most purposes, a free cert service like Let’s Encrypt is quite
> sufficient ...

Speaking of which, Let’s Encrypt are going to offer the option to shorten
their certificate lifetimes, from the former 90 days down to as little as
6 days <https://letsencrypt.org/2025/01/16/6-day-and-ip-certs/>.

Since theirs is a free service, their motives are entirely to do with
security. Why is such a short interval a good idea? Because it shortens
the exposure window, should a certificate key become compromised.

There is a mechanism called “certificate revocation”, but it tends to be
cumbersome and troublesome. With such a short certificate lifetime, there
will be less need for such a thing: if you suffer a certificate security
breach, just immediately get a new certificate with a new key, and be
extra-vigilant during the few days until the old one expires.