[Info-vax] Certificates
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Mon Jul 24 13:37:37 EDT 2023
On 2023-07-24, terry-... at glaver.org <terry-groups at glaver.org> wrote:
>
> We can't forget that certificate lifetimes have become shorter and
> shorter - you can't buy a SSL certificate with a longer expiration date
> than 1 year + any time remaining on the existing certificate. I think the
> only reason they haven't shortened it further is that once they get it
> down to 180 days, there's pretty much no reason not to use Lets
> Encrypt unless you're a bank or similar institution. I think the SSL
> certificate vendors would complain that their customer base would
> leave if they did that.
>
You can blame Apple for that piece of utterly moronic stupidity:
https://www.theregister.com/2020/02/20/apple_shorter_cert_lifetime/
and then Google followed:
https://www.theregister.com/2020/06/30/tls_cert_lifespan/
I have also just discovered this piece of utter insanity which I didn't
know about until a few minutes ago:
https://www.sectigo.com/resource-library/google-announces-intentions-to-limit-tls-certificates-to-90-days-why-automated-clm-is-crucial
Complete and utter insanity. What the hell makes Google think they
have the right to do this??? :-(
You were way too optimistic when you said 180 days above.
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
More information about the Info-vax
mailing list