Although the ballot failed (https://cabforum.org/pipermail/servercert-wg/2019-September/001080.html …), it had unanimous browser support, and I anticipate that browsers will limit certificates to 1 year anyways. (2/7)
-
-
Prikaži ovu nit
-
1 year certs are good for regular Web users, because certificates issued with weak cryptography or weak validation practices are cycled out faster. Security improvements, like Certificate Transparency, can be rolled out more quickly. (3/7)
Prikaži ovu nit -
1 year certs are good for site operators because certificate renewal is a more regular event rather than something that they have to scramble to remember how to do at the last minute. (Full automation is even better, but not always feasible yet. 1 year is a happy medium.) (4/7)
Prikaži ovu nit -
1 year certs are more honest, because serious security incidents mean a long-lived cert might not remain valid for its entire term. Every 5 year cert issued through
@SSLMate before Sep 2014 had to be replaced twice: for the SHA-1 deprecation, and for the Symantec distrust. (5/7)Prikaži ovu nit -
1 year certs are better for
@SSLMate, since they allow us to iterate more quickly without having to deal with legacy baggage. I deleted 20k lines of code in April. I couldn't have deleted all that code if the system still had to manage certificates issued in 2014. (6/7)Prikaži ovu nit -
I can't wait to see certificates limited to 1 year everywhere, and I'm proud I was ahead of the curve on this. https://sslmate.com/blog/post/one_year_certs … (7/7)
Prikaži ovu nit
Kraj razgovora
Novi razgovor -
-
-
Still an industry failure to not get revoking implemented right
-
The move to 1 year certs doesn't have much to do with revocation.
Kraj razgovora
Novi razgovor -
-
-
Somewhat off-topic but... what on earth is that typeface?! :)
-
Looks like the classic Sun typeface.
- Još 2 druga odgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.