| ▲ | trothamel 4 days ago | |||||||
I suspect it's to limit how long a malicious or compromised CA can impact security. | ||||||||
| ▲ | hedora 4 days ago | parent | next [-] | |||||||
Equivalently, it also maximizes the number of sites impacted when a CA is compromised. It also lowers the amount of time it’d take for a top-down change to compromise all outstanding certificates. (Which would seen paranoid if this wasn’t 2025.) | ||||||||
| ||||||||
| ▲ | rat9988 4 days ago | parent | prev [-] | |||||||
I think op is asking has there been many real case scenarios in practice that pushed for this change? | ||||||||