wait a sec. this doesnt work unconditionally. unless people change the keys it wont help changing the cert. also obviously the key needs to be made on a secure system with a good DRM (again, debian weak keys)
do they have something written on how long they need to be before degrading?
also this should only be for DV certs beause short EV or OV certs arent exactly practical due to the paperwork etc.
it doesnt actually need to be "linger than" 1 year but a year would be enough for giving people who want more control not too much annoyances.
and giving one year as an option for the control prople wouldnt lower the security if the people who DONT choose that option. da
well the tension part is for those who cant (way too exotic setup, shared hoster that doesnt support it yet, I have no Idea what's all the stuff that can cause this) or dont want (control) to automate the certs.
nice joke, NOT! I am about the 90 days thing similar to windows 10. everybody has their opinions and their own unique situations (I have my reasons against it, others too and others again like it) but forcing it in ANY direction is the wrong thing. My Favorite word about this is this: OPTION.