Which is yet another chore. And it doesn’t add any security. A certificate that expired yesterday proves I am who I am just as much as it did yesterday. As long as the validity length is shorter than how long it would take somebody to work out the private key from the public key, it is fine.
An expired cert is a smell. It shows somebody isn't paying attention.
And a short expiration time absolutely increases security by reducing attack surface.
"yet another chore"
Use Cloudflare, never think about it.
or
Use certbot, never think about it.
Isn't that why certificates expire, and the expiry window is getting shorter and shorter? To keep up with the length of time it takes someone to crack a private key?
Shortening certificate periods is just their way of admitting that certificate revocation lists are absolutely worthless.