Comment by grishka
5 days ago
Of course they do, they have to. But it's okay for things that are sent to you over the network to expire. It's not okay for things built into your potentially abandoned OS to expire.
5 days ago
Of course they do, they have to. But it's okay for things that are sent to you over the network to expire. It's not okay for things built into your potentially abandoned OS to expire.
> Of course they do, they have to.
Why do they have to?
(This will also tell you why certs in your OS need to expire.)
Because domains change owners.
https://news.ycombinator.com/item?id=47074127
More specifically: because they cannot be revoked, they need to expire. Same with root certs.