Valeri Galtsev wrote:
On Thu, June 16, 2016 1:09 pm, Gordon Messmer wrote:
On 06/16/2016 10:53 AM, Walter H. wrote:
lets encrypt only trusts for 3 months; would you really except in an onlineshop, someone trusts this shop? let us think something like this: "when the CA only trusts for 3 months, how should I trust for a longer period which is important for warranty ..."
I doubt that most users check the dates on SSL certificates, unless they are familiar enough with TLS to understand that a shorter validity period is better for security.
Oh, this is what he meant: Cert validity period. Though I agree with you in general (shorter period public key is exposed smaller chance secret key brute-force discovered), logistically as the one who has to handle quite a few certificates, I only will go with certificates valid for a year, or better 2 years. Given a bandwidths and ciphers these certificates still can provide necessary security (I exclude here such things like server system compromises which have nothing to do with the time the server exists or certificate lives on the server - do I miss something?).
There is also what use is being made of it. For internal dev websites, for example, not available to the outside world, I create self-signed for one length of time... ten years. By that time, the project, if it's still around, will have gone other ways.
mark