On Thu, Dec 12, 2024 at 09:56:11AM -0500, Jeffrey Walton wrote:
> I share your concern over short-lived certificates, but for a
> different reason: key continuity. Key continuity has proven to be a
> much better security property than gratuitous key rotations based on
> reading of tea leaves by tasseomancers.

Do you have any citations you can share? My experience is precisely the opposite, and I have the 2M compromised keys, and ~thousands of consequently compromised TLS certificates, to back that experience.

From a brief web search, I'm not finding very much on the topic of key continuity. The most relevant-looking result is https://datatracker.ietf.org/doc/draft-gutmann-keycont/, which is an I-D that expired in 2009, and does not appear to have been pursued since.

- Matt
