Comment by kevincox

1 day ago

The short-lived requirement seems pretty reasonable for IP certs, as IP addresses are often rented and may bounce between users quickly. For example, if you buy a VM on a cloud provider, as soon as you release that VM or IP it may be given to another customer. Now you have a valid certificate for that IP.

6 days actually seems like a long time for this situation!

Cloud providers could check the transparency lists, and if there’s a valid cert for the IP, quarantine it until the cert expires. Problem solved.

  • That's leaving money on the table, unless they continue to charge the previous tenant for the duration of quarantine.

    • Charging for an IP until a cert is expired is free money for cloud providers. They gonna love it.
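
The quarantine check suggested in the thread, sketched as an added example that is not part of any comment above: given certificate records a provider has already pulled from CT logs, it finds the latest notAfter among unexpired certificates naming a released IP. The record layout, field names and sample values are constructed assumptions, not a real CT log API.

```python
from datetime import datetime, timezone
from ipaddress import ip_address

# Constructed sample records, shaped like what a CT-log monitor might store
# after parsing each logged certificate (hypothetical field names).
CT_RECORDS = [
    {"serial": "01", "sans": ["IP:203.0.113.7"], "not_after": "2025-07-10T00:00:00Z"},
    {"serial": "02", "sans": ["DNS:example.test", "IP:203.0.113.7"],
     "not_after": "2025-07-12T06:00:00Z"},
    # Same address as 2001:db8::1, written in a non-canonical form.
    {"serial": "03", "sans": ["IP:2001:DB8:0:0:0:0:0:1"], "not_after": "2025-07-11T00:00:00Z"},
    # Already expired at the evaluation time used below.
    {"serial": "04", "sans": ["IP:203.0.113.7"], "not_after": "2025-07-01T00:00:00Z"},
    # A DNS name that merely contains the IP text must not match.
    {"serial": "05", "sans": ["DNS:203.0.113.7.example.test"],
     "not_after": "2025-08-01T00:00:00Z"},
]

def parse_time(value):
    """Parse a UTC timestamp such as 2025-07-10T00:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def san_ips(sans):
    """Yield parsed addresses from 'IP:' SAN entries, skipping DNS names."""
    for entry in sans:
        kind, _, value = entry.partition(":")
        if kind == "IP":
            yield ip_address(value)  # normalises IPv6 spelling and case

def quarantine_until(ip, records, now):
    """Latest notAfter among unexpired certs that name `ip`, or None."""
    target = ip_address(ip)
    latest = None
    for rec in records:
        expires = parse_time(rec["not_after"])
        if expires <= now:
            continue  # an expired cert no longer blocks reassignment
        if target in set(san_ips(rec["sans"])):
            if latest is None or expires > latest:
                latest = expires
    return latest

def can_reassign(ip, records, now):
    """True when no unexpired logged certificate still names the address."""
    return quarantine_until(ip, records, now) is None
```

Comparing parsed address objects rather than strings is what lets the IPv6 record match however the address is written in the certificate.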