{"id":760,"date":"2024-12-17T05:14:48","date_gmt":"2024-12-17T05:14:48","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2024\/12\/17\/short-lived-certificates-coming-to-lets-encrypt-html\/"},"modified":"2024-12-17T05:14:48","modified_gmt":"2024-12-17T05:14:48","slug":"short-lived-certificates-coming-to-lets-encrypt-html","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2024\/12\/17\/short-lived-certificates-coming-to-lets-encrypt-html\/","title":{"rendered":"Short-Lived Certificates Coming to Let\u2019s Encrypt"},"content":{"rendered":"\n
Short-Lived Certificates Coming to Let\u2019s Encrypt<\/div>\n

\t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

Starting next year<\/a>:<\/p>\n

\n

Our longstanding offering won\u2019t fundamentally change next year, but we are going to introduce a new offering that\u2019s a big shift from anything we\u2019ve done before\u2014short-lived certificates. Specifically, certificates with a lifetime of six days. This is a big upgrade for the security of the TLS ecosystem because it minimizes exposure time during a key compromise event.<\/p>\n

Because we\u2019ve done so much to encourage automation over the past decade, most of our subscribers aren\u2019t going to have to do much in order to switch to shorter lived certificates. We, on the other hand, are going to have to think about the possibility that we will need to issue 20x as many certificates as we do now. It\u2019s not inconceivable that at some point in our next decade we may need to be prepared to issue 100,000,000 certificates per day.<\/p>\n

That sounds sort of nuts to me today, but issuing 5,000,000 certificates per day would have sounded crazy to me ten years ago.<\/p>\n<\/blockquote>\n

This is an excellent idea.<\/p>\n

Slashdot thread<\/a>.<\/p>\n<\/div>\n

\t

\n
<\/BR>
\n Bruce Schneier
\n \t

\n
<\/BR>
\nGo to bruce schneier<\/a>
\n \t

\n
<\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"

Short-Lived Certificates Coming to Let\u2019s Encrypt Starting next year: Our longstanding offering won\u2019t fundamentally change next year, but we are going to introduce a new offering that\u2019s a big shift from anything we\u2019ve done before\u2014short-lived certificates. Specifically, certificates with a lifetime of six days. This is a big upgrade for the security of the TLS […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[57,411,412,1],"tags":[87],"class_list":["post-760","post","type-post","status-publish","format-standard","hentry","category-bruce-schneier","category-certificates","category-encryption","category-uncategorized","tag-bruce-schneier"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/760"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=760"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/760\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=760"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=760"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=760"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}