Are compromised private keys that big of a problem to cause all this headache?
Geez.
This will keep getting shorter until it turns into a calculus problem.
You won’t even get a certificate, just a token from some SSL token warehouse. Why should I trust it? Because some random company says so!
Lol, wouldn’t put it past them. Like TLS session keys we have now, but every session key has to be requested from the SSL token warehouse.
There are lots of companies and vendors that don’t automate cert renewal. They are all going to be forced into automation with this change.
The concern is that a compromised device could leak a cert that is then used for attacks.
Let’s Encrypt is about to get even more market share. Suddenly companies will have even fewer reasons to pay money for a cert.
God I hate this, dropping it to one year is fine but a month and a half? Fuck that shit.
If you can use ACME/certbot it’s fine. But some of us have to manage decades-old equipment that doesn’t support it, and no, we can’t just put a reverse proxy in front; we tried.
Complaining about job security, unbelievable… 🙃
And I’m over here with an internal-only SSL cert that’s good for 1000 years
We could be heading into daily (or hourly) cert auto-renewals. Clients will have to catch up. But one day, can see it all being hands-free.
What a pain in the ass. I will probably just disable HTTPS and use a VPN or SSH tunnel for my stuff then.
Jesus, dude… ACME is not hard to set up.
Setting up a VPN is far, far more complex.
Just use auto-renewal tools. Duh.
This raises a good point. The path of least resistance typically becomes the norm.