this post was submitted on 14 Apr 2025
24 points (90.0% liked)
Cybersecurity
7123 readers
74 users here now
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
- Be respectful. Everyone should feel welcome here.
- No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
- No Ads / Spamming.
- No pornography.
Community Rules
- Idk, keep it semi-professional?
- Nothing illegal. We're all ethical here.
- Rules will be added/redefined as necessary.
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]
Notable mention to [email protected]
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This isn't an overnight change, we have 3 years until the 47 day certificates go into effect.
In terms of increasing their capacity by the 10x, having shorter certificate lifetimes means that CAs will have a shorter list of valid but revoked certificates, and also will have way less of valid certificates in the certificate transparency logs. These are checked constantly, so the reduced size means less costs serving this information.
CAs are already charging an arm and a leg for very little work of signing the certificates. Doing domain validation is an automated process, so unless the need is for OV certificates (which doesn't differentiate you anymore in modern browsers), CAs won't need to hire more people for issuing certificates. With Let's Encrypt being a free option that supports ACME, if CAs use this change as a cash grab, they'll probably see clients move away rather than put up with the outrageous costs.