Moot point!
Comment on Decreasing Certificate Lifetimes to 45 Days
cron@feddit.org 3 weeks agoShort lifespans are also great when domains change their owner. With a 3 year lifespan, the old owner could possibly still read traffic for a few more years.
When the lifespan ist just 30-90 days, that risk is significatly reduced.
probable_possum@leminal.space 3 weeks ago
cron@feddit.org 3 weeks ago
The maintainers of the big web browsers have pretty strict rules for CAs in this list. If any one of them gets caught issuing only one certificate maliciously, they are out of business.
And all CAs are required to publish each certificate in multiple public, cryptographically signed ledgers.
Sure, there is a history of CAs issuing certificates to people that shouldn’t have them (e.g. for espionage), but that is almost impossible now.
Appoxo@lemmy.dbzer0.com 3 weeks ago
Only matters for LE certs.
You can still buy 1 year certs
cron@feddit.org 3 weeks ago
For 3 more months or so, you can’t buy them in april 2026 anymore
Appoxo@lemmy.dbzer0.com 3 weeks ago
oh? Damn
Zanathos@lemmy.world 3 weeks ago
They are going down to 200 day expiration in March 2026. You can still buy 5 year certificates today but you still need to reissue them in 365 day cadence.