On 18.06.2016 03:41, Gordon Messmer wrote:
On 06/17/2016 07:56 AM, James B. Byrne wrote:
On Thu, June 16, 2016 14:09, Gordon Messmer wrote:
I doubt that most users check the dates on SSL certificates,
unless they are familiar enough with TLS to understand that
a shorter validity period is better for security.
What evidence do you possess that supports this assertion and would
you care to share it with us?
https://letsencrypt.org/2015/11/09/why-90-days.html
"29% of TLS transactions use ninety-day certificates."
could this statement be a little bit more precise ...
or another thought, if every website contained
this: <IMG SRC="https://www.track.org/track.png?id=75r75fbbf75hfn";>
and the host 'www.track.org' used a 90day throw-away certificate
then the statement wouldn't say anything,
because nobody said, if it was in connection with explicit wanted TLS
transactions ...
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
![https://www.track.org/track.png?id=75r75fbbf75hfn"](https://www.track.org/track.png?id=75r75fbbf75hfn"){kind=link}