by bawolff 702 days ago
I disagree. I don't think rotating certificates would help against birthday attacks or bad prng.

Tbh, I have no idea which part you are attacking with the birthday attack in this specific context. It doesn't seem particularly relevant.

(At the risk of saying something stupid) - I was under the impression RSA did not use nonces, so I don't see how that is relevant for an RSA cert.

For an ecdsa cert, nonce reuse is pretty catastrophic. I fail to see how short lived certs help since the old certs don't magically disappear, they still exist and can be used in attacks even after being rotated.


If properly generated even the smallest RSA key sizes used in practice are still safe from birthday collisions.

But there have been several high-profile cases of bad RNGs generating multiple certs with RSA keys that had common factors. I think if you were put at risk by such a broken RNG, frequently re-generating your certs would tend to make things worse, not better.
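The audit that follows from the comment above, added here as an example and not code from the thread: a pairwise-GCD check over an inventory of RSA moduli, using a constructed "bad RNG" that draws primes from a tiny pool. It also shows the rotation point, since generating more keys from the same broken source turns a clean inventory into a fully compromised one. All names and constants are assumptions for the demonstration.

```python
import math
from itertools import combinations

# Constructed sample: a "bad RNG" whose only entropy is a tiny prime pool, so
# independently generated keys end up sharing a factor. Real RSA primes are
# ~1024 bits; these small ones only exercise the check.
SAMPLE_PRIMES = [1000003, 1000033, 1000037, 1000039, 1000081, 1000099]
FIRST_BATCH = [(0, 1), (2, 3), (4, 5)]    # initial certs: no shared primes
ROTATED_BATCH = [(0, 2), (1, 4), (3, 5)]  # "rotation" from the same bad RNG


def generate_keys_from_pool(pool, draws):
    """Build RSA-style moduli n = p*q from prime-index pairs (the bad RNG)."""
    return [pool[i] * pool[j] for i, j in draws]


def find_shared_factors(moduli):
    """Pairwise-GCD audit over a certificate inventory.

    Returns {index: set of factors recovered}. Any key listed here must be
    treated as compromised: the moduli are public, so anyone can run this.
    For large inventories a batch-GCD product tree is used instead of O(n^2)
    pairs, but the signal is identical.
    """
    factored = {}
    for (i, n1), (j, n2) in combinations(enumerate(moduli), 2):
        g = math.gcd(n1, n2)
        if g == 1:
            continue  # coprime moduli reveal nothing about each other
        # g == n means the identical key was issued twice; otherwise g is a
        # shared prime and both moduli factor immediately.
        for idx, n in ((i, n1), (j, n2)):
            factors = {g, n // g} if g < n else {n}
            factored.setdefault(idx, set()).update(factors)
    return factored


def compromised_count(moduli):
    """Number of keys in the inventory that the audit fully breaks."""
    return len(find_shared_factors(moduli))


if __name__ == "__main__":
    before = generate_keys_from_pool(SAMPLE_PRIMES, FIRST_BATCH)
    after = generate_keys_from_pool(SAMPLE_PRIMES, FIRST_BATCH + ROTATED_BATCH)
    print("compromised before rotation:", compromised_count(before))
    print("compromised after rotation: ", compromised_count(after))
```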

Don't be nice, or do it thrice - hash input twice.
Certs should be checked against a CRL and CT for revocation, and expired certs should never be accepted, for this reason among others.
CT isn't used for revocation. CRLs aren't really a thing in practice. Refusing to accept expired certs is important for other reasons but won't save you from a reused ECDSA nonce.