|
|
|
|
|
|
by ozim
291 days ago
|
|
|
There was an attempt doing it differently by CRL but it turns out certificate revoking is not feasible in practice on web scale. Now they are doing next plausible solution. Seems like 47 days is something they found out by let’s encrypt experience estimating load by current renewals but that last part I am just imagining. |
|
|
But CRL sizes are also partly controlled by expiry time, shorter lifetimes produce smaller CRLs.