Maximum (and minimum) certificate lifetimes?


#257

I should hope you have a belief system of your own as well. Also am glad to at least be rated elaborate on the troll-o-meter scale, thank you.

I admit (again) to not being an expert in these matters so every explanation is a learning step for me. My risk vector guesses are probably all wrong, however they all exist even with all the suggestions that I am wrong because the foundation remains in question. It remains odd that LE should not want to join the ranks of “other trusted CAs” (pfg, post 256) but rather considers it a side goal to remain amongst the suspected CAs.

I can think of nothing further to add though the “Godwin’s Law” (germeier, post 255) thing was an unexpected new twist in forum protocol I had never heard of, turns out it is not relevant in this case because this was a discussion about dictating to subjects so I don’t feel too bad to have lost my talking rights with ‘germeier’. The Wikipedia page does also explain that the law was created as a teaching tool and is not really an excuse to avoid reading opposing arguments.


#258

Maybe there is an option to stop the discussion and get some really hard data, not telemetry data that needs to be interpreted. Maybe someone here will “download” the full set of certificates from CT-pilot. There are 10 million certificates.
This would be around 4 GB of base64 data.

  1. Then we can filter what certificates are valid.
  2. For each FQDN only take the newest.
  3. Create two diagrams:
    a) Number of certificates x lifetime in weeks
    b) Number of (News per Domains (according to public suffix list)) x Lifetime in Weeks
    Then we have a representative list of demanded certificates.

Maybe it would be possible to share even the database?
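
The three steps proposed in post #258, as an added example that is not part of the original post. It assumes the CT entries have already been parsed into records, checks only the validity window for step 1, reads diagram (b) as one newest certificate per registrable domain, and uses a tiny constructed stand-in for the public suffix list.

```python
from collections import Counter
from datetime import datetime, timezone

def day(s):
    return datetime.strptime(s, "%Y-%m-%d").replace(tzinfo=timezone.utc)

# Constructed records standing in for parsed CT entries (nb/na = notBefore/notAfter).
SAMPLE = [
    {"id": 1, "names": ["www.example.com", "example.com"], "nb": day("2015-01-01"), "na": day("2016-01-01")},
    {"id": 2, "names": ["www.example.com"], "nb": day("2015-10-01"), "na": day("2015-12-30")},
    {"id": 3, "names": ["shop.example.co.uk"], "nb": day("2015-09-01"), "na": day("2015-11-30")},
    {"id": 4, "names": ["old.example.org"], "nb": day("2014-01-01"), "na": day("2015-01-01")},
    {"id": 5, "names": ["blog.example.org"], "nb": day("2015-11-01"), "na": day("2016-10-31")},
]
NOW = day("2015-11-15")             # constructed evaluation date
SUFFIXES = {"com", "org", "co.uk"}  # assumption: stand-in for the real public suffix list

def registrable_domain(fqdn):
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels)):    # smallest i first, so the longest suffix wins
        if ".".join(labels[i:]) in SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return fqdn.lower()

def weeks(c):
    return round((c["na"] - c["nb"]).days / 7)

def newest_valid(certs, now, key_fn):
    newest = {}
    for c in certs:
        if not (c["nb"] <= now <= c["na"]):
            continue                # step 1: drop expired / not-yet-valid certificates
        for name in c["names"]:
            k = key_fn(name)
            if k not in newest or c["nb"] > newest[k]["nb"]:
                newest[k] = c       # step 2: keep only the newest certificate per key
    return newest

def diagram_a(certs, now):
    newest = newest_valid(certs, now, str.lower)
    distinct = {c["id"]: c for c in newest.values()}  # a multi-name cert counts once
    return Counter(weeks(c) for c in distinct.values())

def diagram_b(certs, now):
    newest = newest_valid(certs, now, registrable_domain)
    return Counter(weeks(c) for c in newest.values())

if __name__ == "__main__":
    print("a) certificates per lifetime (weeks):", dict(diagram_a(SAMPLE, NOW)))
    print("b) domains per lifetime (weeks):", dict(diagram_b(SAMPLE, NOW)))
```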


#259

I have seen exactly zero feedback from the Let’s Encrypt team to almost every concern raised. Could you point out where such feedback is given for each point that I’ve summarized here?

The criticism isn’t that Let’s Encrypt isn’t acting in line with our goals. It’s that their decisions directly interfere with their stated goal of universal TLS.


#260

Hi all,

Apologies for not replying more frequently on this thread. There are some useful and valuable critiques in here. Unfortunately they’re interspersed with a lot of comments that violate the spirit of our Community Guidelines. It’s hard to find the gems among the abuse, and this has become the most-flagged thread in our community.

I and my colleagues may have relatively thick skin, but it’s important that new members of our forum not find it to be an abusive place. If someone comes seeking help but leaves because they feel it’s a hostile environment, we are failing to provide the support they need.

Let’s start over. I’ve opened a new thread at Pros and cons of 90-day certificate lifetimes, and I’ve attempted to summarize the concrete pros and cons from this thread.


#261