• jatone@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    9
    ·
    12 days ago

    compromising a keypair is a huge win. lets you impersonate the domain. shorter validation periods = smaller windows of compromised situations.

    basically the smaller you make the window the less manual intervention and the less complicated infrastructure gets. currently TLS systems need a way to invalidate certificates. get them down to a day and suddenly that need just disappears. vastly simplifying the code and the system. 6 days is a huge improvement over 90 days.