[Cryptography] New SSL/TLS certs to each live no longer than 47 days by 2029
Viktor Dukhovni
cryptography at dukhovni.org
Thu Apr 17 03:25:06 EDT 2025
On Thu, Apr 17, 2025 at 01:50:27AM +0000, Peter Gutmann wrote:
> John Levine <johnl at iecc.com> writes:
>
> >I don't understand this objection. I have LE certificates which LE resigns
> >every 90 days. When it does that, the certificate's key doesn't change, only
> >the time stamp.
>
> The argument for doing this is that it limits the time available to an
> attacker for key compromise. If you're just re-signing the same key year in,
> year out then it's defeating the very thing that the constant-churn is
> supposedly good for.
Is that really the argument? I rather think of it as shortening the
window of opportunity *after* a key compromise. Of course if one is
completely unaware of a one-time key compromise, then indeed frequent
key rollover could also be helpful, on the assumption that the barn
door is now closed (even though the compromise was not detected).
--
Viktor.
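The reply above contrasts two things a short certificate lifetime can buy: less time for an attacker to compromise a key, versus a shorter window of exposure *after* a compromise, and it notes that rollover only closes the window if the compromise was a one-off. The following Python model is an added illustration, not part of the thread: it computes the post-compromise exposure interval under the 90-day and 47-day lifetimes for a client that re-signs the same key at renewal versus one that generates a fresh key pair, with and without detection, and with the attacker either gone or still holding the access that yielded the key. The policy names, dates and the back-to-back renewal schedule are constructed assumptions for the example (real ACME clients renew early, so an old certificate overlaps the new one for a while, and revocation takes time to propagate; both are ignored here).

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, Optional, Tuple

# Constructed sample dates for the scenarios below (not from the thread).
FIRST_ISSUED = date(2025, 1, 1)   # first certificate issued
COMPROMISED = date(2025, 2, 15)   # private key copied by an attacker
DETECTED = date(2025, 6, 1)       # operator notices and revokes/re-keys


@dataclass(frozen=True)
class RenewalPolicy:
    lifetime_days: int   # certificate validity period, e.g. 90 today or 47 by 2029
    rotate_key: bool     # True: fresh key pair at each renewal; False: re-sign same key


def cert_period(policy: RenewalPolicy, first_issued: date, when: date) -> Tuple[date, date]:
    """(notBefore, notAfter) of the certificate in force on `when`.

    Assumes back-to-back renewals every `lifetime_days` starting at `first_issued`.
    """
    if when < first_issued:
        raise ValueError("date precedes first issuance")
    k = (when - first_issued).days // policy.lifetime_days
    not_before = first_issued + timedelta(days=k * policy.lifetime_days)
    return not_before, not_before + timedelta(days=policy.lifetime_days)


def exposure_window(policy: RenewalPolicy, first_issued: date, compromised: date,
                    detected: Optional[date] = None,
                    attacker_persists: bool = False) -> Tuple[date, Optional[date]]:
    """Interval during which a key stolen on `compromised` still backs a valid cert.

    detected: date the operator learns of the theft and revokes/re-keys; None = unnoticed.
    attacker_persists: True if the attacker keeps the access that yielded the key, so a
        rolled-over key is simply stolen again (the "barn door still open" case).
    Returns (start, end); end is None when nothing ever terminates the exposure.
    """
    if compromised < first_issued:
        raise ValueError("compromise precedes first issuance")
    if policy.rotate_key and not attacker_persists:
        # The stolen key is retired with the certificate that was current when it was taken.
        _, key_retired = cert_period(policy, first_issued, compromised)
    else:
        key_retired = None   # the same key (or a freshly re-stolen one) stays in service
    ends = [d for d in (detected, key_retired) if d is not None]
    return compromised, (min(ends) if ends else None)


def exposure_days(policy: RenewalPolicy, first_issued: date, compromised: date,
                  detected: Optional[date] = None,
                  attacker_persists: bool = False) -> Optional[int]:
    """Length of the exposure window in days, or None if it is unbounded."""
    start, end = exposure_window(policy, first_issued, compromised, detected, attacker_persists)
    return None if end is None else (end - start).days


def scenarios() -> Dict[str, Optional[int]]:
    """Exposure (days after compromise) for the constructed sample dates above."""
    reuse90 = RenewalPolicy(90, rotate_key=False)
    rotate90 = RenewalPolicy(90, rotate_key=True)
    reuse47 = RenewalPolicy(47, rotate_key=False)
    rotate47 = RenewalPolicy(47, rotate_key=True)
    return {
        "90d, same key, never detected": exposure_days(reuse90, FIRST_ISSUED, COMPROMISED),
        "90d, new key, never detected": exposure_days(rotate90, FIRST_ISSUED, COMPROMISED),
        "47d, same key, never detected": exposure_days(reuse47, FIRST_ISSUED, COMPROMISED),
        "47d, new key, never detected": exposure_days(rotate47, FIRST_ISSUED, COMPROMISED),
        "47d, new key, attacker persists": exposure_days(rotate47, FIRST_ISSUED, COMPROMISED,
                                                         attacker_persists=True),
        "47d, same key, detected": exposure_days(reuse47, FIRST_ISSUED, COMPROMISED, DETECTED),
        "90d, new key, detected early": exposure_days(rotate90, FIRST_ISSUED, COMPROMISED,
                                                      date(2025, 3, 1)),
    }


if __name__ == "__main__":
    for name, days in scenarios().items():
        print(f"{name:36s} -> {'unbounded' if days is None else f'{days} days'}")
```

Read the output as the thread's two positions side by side: with the same key re-signed at every renewal, the lifetime (90 or 47 days) makes no difference to an undetected compromise, and only detection ends the exposure; with a fresh key at each renewal the window is capped by the remaining life of the certificate current at the time of theft, unless the attacker still has the access that produced the key, in which case rollover buys nothing and the case collapses back to "until detected".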