logoalt Hacker News

fragmedetoday at 5:37 AM2 repliesview on HN

To be fair, if someone managed to steal a set of keys to Gmail.com and icloud.com, I would want them to expire as short a time as possible too.

Replies

spragltoday at 6:04 AM

That is right, but one thing is not like the other. You have always been free to set expiry low on your own certificates, but that is not the same as enforcing it on everyones ceritificate.

notrealyme123today at 5:39 AM

I think revoking them would be better in such a case.

show 2 replies