[Cryptography] Apple's 13-month certificate policy
Raymond Burkholder
ray at oneunified.net
Sat Feb 22 20:50:45 EST 2020
On 2020-02-22 4:55 p.m., John-Mark Gurney wrote:
> Patrick Chkoreff wrote this message on Sat, Feb 22, 2020 at 18:23 -0500:
>
> Overall, it's a good thing, and IMO, even 90 days is a bit long. With
> automated renewal, 7-30 days is more than long enough.
7 - 30 days would be painful. Yes some systems do have automation. But
there are other systems with complicated relationships: a dns server
over there, a web server over here, and automation/manual system
somewhere else, ...
And systems protected by certificates aren't just web servers sitting on
the same server as the dns server for the TXT based authorization.
There are email servers involved with certificates. No web front end.
More information about the cryptography
mailing list