Valeri Galtsev wrote:
>
> On Thu, June 16, 2016 1:09 pm, Gordon Messmer wrote:
>> On 06/16/2016 10:53 AM, Walter H. wrote:
>>> Let's Encrypt only trusts for 3 months; would you really expect in an
>>> online shop, someone trusts this shop?
>>> Let us think something like this: "when the CA only trusts for 3
>>> months, how should I trust for a longer period
>>> which is important for warranty ..."
>>
>> I doubt that most users check the dates on SSL certificates, unless they
>> are familiar enough with TLS to understand that a shorter validity
>> period is better for security.
>
> Oh, this is what he meant: Cert validity period. Though I agree with you
> in general (shorter period public key is exposed smaller chance secret key
> brute-force discovered), logistically as the one who has to handle quite a
> few certificates, I only will go with certificates valid for a year, or
> better 2 years. Given the bandwidths and ciphers these certificates still
> can provide necessary security (I exclude here such things like server
> system compromises which have nothing to do with the time the server
> exists or certificate lives on the server - do I miss something?).

There is also what use is being made of it. For internal dev websites, for
example, not available to the outside world, I create self-signed for one
length of time... ten years. By that time, the project, if it's still
around, will have gone other ways.

      mark