Hacker News new | ask | show | jobs
by Ayesh 270 days ago
It's not better.

Short lived certificates are definitely the better way forward.

24 hour certificates will add a significantly more load on CAs, a lot more than maintaining an OCSP responder.
1 comments
saurik 263 days ago
But, signing the updated expiration date seems like exactly the same amount of signing as just signing the entire certificate?
link