Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

When I search for that, all of my hits are about a key-transport protocol that doesn't seem related to certificates at all.

Expiration and revocation are far from the same thing. If my site's private key gets stolen, I want clients to stop trusting it today, not next year.

Expiring roots means that if a device stops getting updates from its vendor, it will gradually become a brick even if no CAs do anything wrong.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: