On 2017-03-08 17:06, Hanno Böck wrote:
> I'd say then you're trading one security property for another.
I agree...
but: Before we used Let's Encrypt, we were pretty happy using
certificates valid for 1 or 2 years. I didn't say: use the keypair
forever - but changing it every ~60 days is a bit uncomfortable, then you
really have to automate even the HPKP and TLSA/DANE thing. Changing the
keypair once a year as we did it before using Let's Encrypt is (in my
opinion) an acceptable trade-off. Once a year you can spend one hour of
time to do the whole process manually, but not every 2 months.
_______________________________________________
Ach mailing list
http://lists.cert.at/cgi-bin/mailman/listinfo/ach