On 2016-05-10, Kevin Chadwick <m8il1i...@gmail.com> wrote: >> > Also, after you generate and sign the certificate, you don't have >> > to keep the script. >> >> Validity on the letsencrypt CA is 90 days max. (Partly to restrict >> usefulness of a bad cert because they don't do CRLs, which are pretty >> much useless anyway, and partly to encourage users to automate). > > Ugghhh, I was fearing that their automate and security mantra might > clash, but they don't seem to mention it up front. 365 days already > annoys me especially as I intend to use OpenSSH for anything > particularly important and cryptanalysis is not a problem for years on > a low traffic site.
It's not about cryptanalysis, it's about reducing impact from compromised hosts and from the weak authentication systems that are done on all the "low value" DV CAs. (specifically this one is "requester had access to cause files to be served at an http server running at the address pointed to by DNS at the time it was requested" so a security failure at any of a number of points would allow access). > You enforce SSL for data submissions, a user checking keys has to check > the domain in any case and hope the browser domain matching code is > secure too (yes there has been atleast one firefox bug there) even > before considering the DNS system. Still, browsers are a higher bar than the control panels and front line support staff at a typical cheap domain host. > It's main unrealised potential benefit is; add *some* security by > default to all those insecure wordpress logins. That's a terrible reason. And actually it's "make those insecure CMS sites look more like they might be secure" when they're no such thing. Because people have been trained into equating https with security. Which is just plain wrong.