BTW Congratulations on reaching public beta!
Not true. There are a few (admittedly rare) cases where a user can trust a cert without having to rely on the CA trust model.
eg: if a cert has been observed in use for a while, or (re)uses a subject public key that has been, the end user can be fairly confident the cert is legit, particularly because of things like:
But if switching both certs and keys really often becomes common, those few cases in which users can effectively practice this kind of self-defense become even rarer.
And, of course, it’s no real comfort to:
…if you’ve got to decide today whether to trust a site with your password or not, and live with the results (users are the ones most affected by MITMs, not site operators or CAs).
I just read that the LE renewal script will default to generating a new key rather than re-using the current one:
I really hope that’s not true. If it is, I hope it’s due to some practical barrier or other that I can help remove?
Obviously there is a trade-off and we wouldn’t want keys being re-used for 10 or 20 years either! I would suggest LE defaults to re-using the same key for 1 or 2 years.