💾 Archived View for rawtext.club › ~sloum › geminilist › 002095.gmi captured on 2020-10-31 at 02:43:41. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2020-09-24)
-=-=-=-=-=-=-
Solderpunk solderpunk at posteo.net
Mon Jul 6 15:36:46 BST 2020
- - - - - - - - - - - - - - - - - - -
On Mon Jul 6, 2020 at 4:35 PM CEST, Laurens Vets wrote:
Also not that soon(-ish) Apple, Google & Mozilla browsers will _only_
accept certificates with a valid lifetime of maximum 1 year effectively
making this a "standard". While not necessarily relevant to Gemini
directly, it's something to keep in mind.
Yes, the CA/Browser forum (https://cabforum.org/) is really pushing forshorter certificate lifespans. It makes a good amount of sense if youbuy into the whole CA system. I think under a TOFU scheme the structureof incentives and risks is pretty different. At least in these earlydays where there's no widespread agreement and implementation on ways torotate keys more regularly without training users to always clickthrough any warning they see, I think using longer lived certs hasdefinite upsides.
Cheers,Solderpunk