by magicalhippo 1251 days ago
I think the opposite. A short expiry time à la Let's Encrypt, but with a process to "adopt" the new certificate. That is, the website can say, "I'm using this cert now, soon I'll be using that one".

Then the browser can be more strict with warning of unscheduled cert changes, and an expired-but-adopted cert is not a big issue and browsers don't have to be so alarmist about it.