• @jatone@lemmy.dbzer0.com
    1 day ago · score 9

    compromising a keypair is a huge win. lets you impersonate the domain. shorter validation periods = smaller windows of compromised situations.

    basically the smaller you make the window the less manual intervention and the less complicated infrastructure gets. currently TLS systems need a way to invalidate certificates. get them down to a day and suddenly that need just disappears. vastly simplifying the code and the system. 6 days is a huge improvement over 90 days.

    • jonw
      1 day ago · score 2

      Ok, I slid right by the “compromised” word. Makes sense now.

      • @jatone@lemmy.dbzer0.com
        1 day ago · score -1

        you mean you slid right on by an understanding of how security infrastructure works. since one always assumes credentials will be compromised.

        • jonw
          19 hours ago · score 0

          I mean I just missed that part.