114
Sysadmins slam Apple’s SSL/TLS cert lifespan cuts (www.theregister.com)
submitted 18 hours ago by misk@sopuli.xyz to c/technology@lemmy.world
45 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] 0x0@programming.dev -5 points 17 hours ago

Smells like you didn't read the article, it's an ongoing trend:

Max lifespans of certs have been gradually decreasing over the years in an ongoing effort to boost internet security. Prior to 2011, they could last up to about eight years. As of 2020, it's about 13 months.

[-] fartsparkles@sh.itjust.works 22 points 15 hours ago* (last edited 15 hours ago)

Thank you for the smug response however I did indeed read the article and going from 13 months to 10 days is not a trend but a complete rearchitecture of how certificates are managed.

You have no idea how many orgs have to do this manually as their systems won’t enable it to be automated. Following a KBA once a year is fine for most (yet they still forget and websites break for a few days; this literally happened to NVD of all things a few weeks ago).

This change is a 36x increase in effort with no consideration for those who can’t renew and apply certs programmatically / through automation.

[-] corsicanguppy@lemmy.ca 2 points 6 hours ago

This change is a 36x increase in effort with no consideration for those who can’t renew and apply certs programmatically / through automation

Don't worry. All that old gear is at least 45 days old - so old - and isn't an apple product anyway probably. Ergo, support isn't their issue and you will have to take that up with your OEM because la-la-la-laaaaa, can't hear you. Wanna go ride bikes?

[-] 0x0@programming.dev -5 points 12 hours ago

I did indeed read the article

Smells like Apple knows something but can’t say anything.

Then do explain your conspiracy theory. Sectigo could go for a money grab, otherwise... probably just forcing automation without thinking of impact, as usual.

[-] li10@feddit.uk 28 points 17 hours ago

Reducing it to one year made sense, one year down to 10 days is actually a fucking massive difference. Practically speaking, it’s a far, far bigger change than 8 years down to 1.

This isn’t just an “ongoing trend” at this point, it would be a fundamental change to the way that certificates are managed i.e. making it impossible to handle renewals manually for any decently sized business.

this post was submitted on 16 Oct 2024
114 points (91.9% liked)

Technology

58685 readers
4797 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world