On Mon, Aug 8, 2022 at 10:04 PM Peter Gutmann <[email protected]> wrote:

> Hal Murray <[email protected]> writes:
>
> >Many security schemes get tangled up with time.  TLS has time limits on
> >certificates.  That presents a chicken-egg problem for NTP when getting
> >started.
> >
> >I'm looking for ideas, data, references, whatever?
>
> For commercial CAs, the expiry time is a billing mechanism, not a security
> mechanism.  A certificate is no more, or less, valid at 23:59:59 than it
> is at 00:00:01
>

On the other end of the spectrum from SCADA hardware, hosting companies now
provide "managed"* LetsEncrypt certificates. That means you never worry
about the certificate expiring at all, at the cost of paying somewhat high
prices for bandwidth. They do have an expiration, but they tend to be
replaced many months before it gets close, because that part is free.

thanks,
Rob


* e.g. https://cloud.google.com/load-balancing/docs/ssl-certificates/google-managed-certs
_______________________________________________
TLS mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/tls
