Certificate Expiration Debates
Discussions center on why SSL/TLS certificates expire, the challenges and hassles of renewal and revocation, benefits of short lifetimes for security, and future policies limiting validity periods like 47 days.
Sample Comments
Certificates often change for legitimate reasons, e.g. Let's Encrypt certificates which must be changed every 3 months.
Why do certificates need to expire? It causes a lot of trouble for everyone.
Don’t they tend to cross-sign with the old CA cert for a long time due to this?
Is it possible that one day certificate expiration will be a thing of the past?
Someone should tell Cloudflare that certificates expire for a reason.
Wouldn't that break when they need to update the certificate, due to expiration?
Revoking certs does not work. It is so bad that the end result is that by 2029 certificates will not be allowed to be valid longer than 47 days: https://news.ycombinator.com/item?id=43693900
Won't it basically fix itself in 90 days and 1 second after all the certs are rolled anyhow now that it's on the radar?
It would be nice if certificates didn't arbitrarily expire based on date.
Funny that he considers certificate expiry as a vulnerability.