Comment by dingaling
15 hours ago
> it reduces the validity period of private keys that could be used in a MITM attack if they're leaked
If a private key is leaked, 45 days is sufficient to clean-out the accounts of all that company's customers. It might as well be 10 years.
If cert compromise is really common enough to require a response then the cert lifetime should be measured in minutes.
No comments yet
Contribute on Hacker News ↗