bsder 3 days ago
> They didn't do this because they're incompetent but because they think it'll improve security.

No, they did it because it reduces their legal exposure. Nothing more, nothing less. The goal is to reduce the rotation time low enough that the certificates will rotate before legal procedures to stop them from rotating them can kick in. This does very little to improve security.
dextercd 3 days ago
Apple introduced this proposal. Why would they care about a CA's legal exposure? Lowering the lifetime of certs does mean that orgs will be better prepared to replace bad certs when they occur. That's a good thing. More organisations will now take the time to configure ACME clients instead of trying to convince CAs that they're too special to have their certs revoked, or even start embarrassing court cases, which has only happened once as far as I know. Theories that involve CAs, Google, Microsoft, Apple, and Mozilla having ulterior motives and not considering potential downsides of this change are silly.
nickf 3 days ago
That isn’t at all true.