Hacker News

codys today at 5:59 AM

I'm not sure I follow. This outage seems like it occurred for less than 1 day. The post you link to is about having certificates expire after 45 days. What's the connection you see?


Replies

jeroenhd today at 7:49 AM

Some CAs are experimenting with shorter, 7-day certificates as well.

Still not an outage that would endanger anyone's ability to renew in time, but for small or extremely shitty CAs (and there are a lot of those) such an outage may take enough time to cause issues in theory, I guess?

philprx today at 10:53 AM

That's roughly 1/45th probable downtime window = 2.22% downtime probability (yeah, it's a figure, not a real proba ;-) )

Compared to, say, roughly 1/365 probable downtime window for a 398-day cert lifetime = 0.25% downtime probability.

Let's pray you don't need to rotate when it's down...

Dan Geer famously said: "Dependency is the root cause of risk"...

PS: even stricter short-lived durations in some contexts:

Internal/Private | 1 – 7 days | Corporate VPNs, Internal apps

Ephemeral | 5 mins – 1 hour | Docker containers, CI/CD runners

TwoNineFive today at 6:17 AM

You didn't read it or understand it.