On 18.06.2016 03:41, Gordon Messmer wrote: > On 06/17/2016 07:56 AM, James B. Byrne wrote: >> On Thu, June 16, 2016 14:09, Gordon Messmer wrote: >>> I doubt that most users check the dates on SSL certificates, >>> unless they are familiar enough with TLS to understand that >>> a shorter validity period is better for security. >> What evidence do you possess that supports this assertion and would >> you care to share it with us? > https://letsencrypt.org/2015/11/09/why-90-days.html "29% of TLS transactions use ninety-day certificates." could this statement be a little bit more precise ... or another thought, if every website contained this: <IMG SRC="https://www.track.org/track.png?id=75r75fbbf75hfn"> and the host 'www.track.org' used a 90day throw-away certificate then the statement wouldn't say anything, because nobody said, if it was in connection with explicit wanted TLS transactions ...
