Hacker News new | past | comments | ask | show | jobs | submit login
WebPKI – Introduce Schedule of Reducing Validity (Of TLS Server Certificates) (github.com/cabforum)
7 points by nickf 53 days ago | hide | past | favorite | 2 comments



Letsencrypt wildcard certs are valid for 30 days, and regular certs are valid for 90 days but they recommend renewing them after 60 days.

Cert validity intervals directly affect the storage and bandwidth requirements for CT logs, which should be replicated.

Does anyone serve the CT Certificate Transparency logs for checking by browsers?


A phased approach to reducing the validity of TLS server certificates over the next two or three years, ending at a 45-day certificate lifetime by early 2027.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: