Although the ballot failed (https://cabforum.org/pipermail/servercert-wg/2019-September/001080.html …), it had unanimous browser support, and I anticipate that browsers will limit certificates to 1 year anyways. (2/7)
1 year certs are good for regular Web users, because certificates issued with weak cryptography or weak validation practices are cycled out faster. Security improvements, like Certificate Transparency, can be rolled out more quickly. (3/7)
1 year certs are good for site operators because certificate renewal is a more regular event rather than something that they have to scramble to remember how to do at the last minute. (Full automation is even better, but not always feasible yet. 1 year is a happy medium.) (4/7)
1 year certs are more honest, because serious security incidents mean a long-lived cert might not remain valid for its entire term. Every 5 year cert issued through @SSLMate before Sep 2014 had to be replaced twice: for the SHA-1 deprecation, and for the Symantec distrust. (5/7)
1 year certs are better for @SSLMate, since they allow us to iterate more quickly without having to deal with legacy baggage. I deleted 20k lines of code in April. I couldn't have deleted all that code if the system still had to manage certificates issued in 2014. (6/7)
I can't wait to see certificates limited to 1 year everywhere, and I'm proud I was ahead of the curve on this. https://sslmate.com/blog/post/one_year_certs … (7/7)
-
Still an industry failure to not get revoking implemented right
-
The move to 1 year certs doesn't have much to do with revocation.
-
Somewhat off-topic but... what on earth is that typeface?! :)
-
Looks like the classic Sun typeface.