by ivanr
4436 days ago
Indeed, short-lived certificates do seem like a solution to this problem. One downside might be the fact that (anecdotally) many users have inaccurate clocks. I read somewhere recently that a large web site has to back-date their new certificates, because, otherwise, certificate rotation/revocation causes a large spike in support tickets. Short-lived certificates were explored in "Towards Short-Lived Certificates":
http://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-shortliv...