[CentOS] https and self signed

Valeri Galtsev galtsev at kicp.uchicago.edu
Thu Jun 16 18:23:26 UTC 2016


On Thu, June 16, 2016 1:09 pm, Gordon Messmer wrote:
> On 06/16/2016 10:53 AM, Walter H. wrote:
>> Let's Encrypt only trusts for 3 months; would you really expect in an
>> online shop, someone trusts this shop?
>> Let us think something like this: "when the CA only trusts for 3
>> months, how should I trust for a longer period
>> which is important for warranty ..."
>
> I doubt that most users check the dates on SSL certificates, unless they
> are familiar enough with TLS to understand that a shorter validity
> period is better for security.

Oh, this is what he meant: cert validity period. Though I agree with you
in general (the shorter the period the public key is exposed, the smaller
the chance the secret key is discovered by brute force), logistically, as
the one who has to handle quite a few certificates, I will only go with
certificates valid for a year, or better, 2 years. Given the bandwidths and
ciphers, these certificates can still provide the necessary security (I
exclude here such things as server system compromises, which have nothing
to do with the time the server exists or the certificate lives on the
server - am I missing something?).

Just my $0.02

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++


