home bbs files messages ]

Forums before death by AOL, social media and spammers... "We can't have nice things"

   comp.misc      General topics about computers not cover      21,759 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 21,055 of 21,759   
   Lawrence D'Oliveiro to All   
   Re: Website Certs Will Soon Last Only 47   
   14 Apr 25 22:28:44   
   
   From: ldo@nz.invalid   
      
   On Fri, 11 Apr 2025 22:32:56 -0000 (UTC), I wrote:   
      
   > For most purposes, a free cert service like Let’s Encrypt is quite   
   > sufficient ...   
      
   Speaking of which, Let’s Encrypt are going to offer the option to shorten   
   their certificate lifetimes, from the former 90 days down to as little as   
   6 days .   
      
   Since theirs is a free service, their motives are entirely to do with   
   security. Why is such a short interval a good idea? Because it shortens   
   the exposure window, should a certificate key become compromised.   
      
   There is a mechanism called “certificate revocation”, but it tends to be   
   cumbersome and troublesome. With such a short certificate lifetime, there   
   will be less need for such a thing: if you suffer a certificate security   
   breach, just immediately get a new certificate with a new key, and be   
   extra-vigilant during the few days until the old one expires.   
      
   --- SoupGate-DOS v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca