Comment on TLS Certificate Lifetimes Will Officially Reduce to 47 Days
sugar_in_your_tea@sh.itjust.works 1 week agoHow does manual cert generation impact that?
My experience is that orgs that don’t bother checking logs are also likely to buy long duration certs. And it’s also frequently a simple FTP drop or something, they’re not taking the time to actually verify things properly.
I also haven’t seem evidence of attackers compromising certificates themselves, if they have the access to do that, they’ll just steal the data they want or install some kind of backdoor for later use.
Tetsuo@jlai.lu 1 week ago
There is plenty of data on compromised certs. I mean if you steal a cert you essentially steal the identity of that server.
I’m just saying before that you had admins connecting from time to time to the server while deploying but after that change it could be years before someone connects. Cert deployment IMO is often one of the last maintenance that is not automated and one of the hardest to automate both safely and reliably.
But for a business that handles it that way it’s just straight up an upgrade in security to have shorter certs.