Comment on Certbot is great. Let's Encrypt is great.
FrederikNJS@lemm.ee 1 year agoWhile shorter lived certs certainly improve the general security, certificate revocation lists are what you need if a cert gets compromised.
Comment on Certbot is great. Let's Encrypt is great.
FrederikNJS@lemm.ee 1 year agoWhile shorter lived certs certainly improve the general security, certificate revocation lists are what you need if a cert gets compromised.
dauerstaender@feddit.de 1 year ago
They don’t work in practice, no modern browser actively queries any revocation DBs. It’s just much more efficient to let something expire sooner than keep track of all lost somethings.