[Cryptography] New SSL/TLS certs to each live no longer than 47 days by 2029
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Tue Apr 15 22:43:27 EDT 2025
Peter Fairbrother <peter at tsto.co.uk> writes:
>Is this a real security measure or just a boondoggle?
It's a boondoggle, frantic activity to distract from having to solve the real
problems, as well as plenty of scope for further changes of the time interval
when the current one fails to have any effect. Arguably it'll actually make
things worse since you're losing key continuity, if people are used to keys
changing constantly then they'll be less alert when a previously-OK key
suddenly becomes a random attacker's key.
But everyone involved can say they did something, which is what really
matters.
Peter.
More information about the cryptography
mailing list