• 0x0@programming.dev
    link
    fedilink
    English
    arrow-up
    11
    arrow-down
    18
    ·
    14 days ago

    Smells like you didn’t read the article, it’s an ongoing trend:

    Max lifespans of certs have been gradually decreasing over the years in an ongoing effort to boost internet security. Prior to 2011, they could last up to about eight years. As of 2020, it’s about 13 months.

    • li10@feddit.uk
      link
      fedilink
      English
      arrow-up
      35
      arrow-down
      1
      ·
      14 days ago

      Reducing it to one year made sense, one year down to 10 days is actually a fucking massive difference. Practically speaking, it’s a far, far bigger change than 8 years down to 1.

      This isn’t just an “ongoing trend” at this point, it would be a fundamental change to the way that certificates are managed i.e. making it impossible to handle renewals manually for any decently sized business.

      • Cort@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        13 days ago

        They never said the ongoing trend wasn’t logarithmic. By 2030 you’ll be updating certs 6-8 times a day! Please drink verification can.

    • fartsparkles@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      27
      arrow-down
      1
      ·
      edit-2
      14 days ago

      Thank you for the smug response however I did indeed read the article and going from 13 months to 10 days is not a trend but a complete rearchitecture of how certificates are managed.

      You have no idea how many orgs have to do this manually as their systems won’t enable it to be automated. Following a KBA once a year is fine for most (yet they still forget and websites break for a few days; this literally happened to NVD of all things a few weeks ago).

      This change is a 36x increase in effort with no consideration for those who can’t renew and apply certs programmatically / through automation.

      • corsicanguppy@lemmy.ca
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        1
        ·
        13 days ago

        This change is a 36x increase in effort with no consideration for those who can’t renew and apply certs programmatically / through automation

        Don’t worry. All that old gear is at least 45 days old - so old - and isn’t an apple product anyway probably. Ergo, support isn’t their issue and you will have to take that up with your OEM because la-la-la-laaaaa, can’t hear you. Wanna go ride bikes?

      • 0x0@programming.dev
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        6
        ·
        14 days ago

        I did indeed read the article

        Smells like Apple knows something but can’t say anything.

        Then do explain your conspiracy theory. Sectigo could go for a money grab, otherwise… probably just forcing automation without thinking of impact, as usual.