Via @riskybiz newsletter:
Apple want to reduce TLS cert lifetimes down to 10 days by Sept 2025.

I agree with reducing lifetimes but it doesn't leave a lot of time for the many awkward use cases. We'd have to build provisioning/mgmt services & make sure we cover all our servers & hardware (at least 5 or 6 digits worth of servers/appliances). That's a *lot* of work alongside everything else we have to do (with ever-decreasing numbers of staff).

github.com/cabforum/servercert

#CA #TLS #InfoSec #PKI

@tdp_org @riskybiz I use LE reluctantly because it's the only way to get free certs but it's another thing to have to monitor.. and I couldn't imagine most barely technical businesses doing the scripting I needed to restart affected services once a month. I'm just imagining some of the places I work having to handle TLS expiry every ten days.. it often took longer than that for there to be time for someone to even look at it.

@tdp_org @riskybiz Another case I can think of is a project I occasionally work with.. it needs a valid TLS cert because it interfaces with a car browser, but it has no ability to renew that cert nor could it, as the device doesn't own the domain. Only way to do it would be a firmware update every 10 days, which would be just silly.

@tony @riskybiz If you can control enough on both client and server side, you could potentially trust your own root and sign long-lived certs from that and maybe rely on revocation...quite a bit of complexity and I guess you've already thought about and discounted that sort of idea
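The private-root idea in the reply above, plus the "yet another thing to monitor" point earlier in the thread, as an added Go example (not code from any poster or from the CA/B Forum repo). It uses only the standard library: it generates a self-signed root that only your own clients trust, issues a short-lived leaf from it, verifies the leaf against that root alone, and flags when the leaf has burned through two thirds of its lifetime so a renewal job can fire well before expiry. The hostname, the 10-year root lifetime and the 10-day leaf lifetime are assumptions for the demo; revocation, which the reply rightly calls out as the hard part of this approach, is not handled here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Assumed lifetimes for the demo: a long-lived private root and a
// 10-day leaf matching the maximum discussed in the thread.
const (
	rootLifetime = 10 * 365 * 24 * time.Hour
	leafLifetime = 10 * 24 * time.Hour
)

// newRoot creates a self-signed CA certificate and its private key.
// Only clients you control will be configured to trust it.
func newRoot(now time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Private Root (constructed)"},
		NotBefore:             now,
		NotAfter:              now.Add(rootLifetime),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// issueLeaf signs a server certificate for dnsName from the private root.
func issueLeaf(root *x509.Certificate, rootKey *ecdsa.PrivateKey, dnsName string,
	now time.Time, lifetime time.Duration) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: dnsName},
		DNSNames:     []string{dnsName},
		NotBefore:    now,
		NotAfter:     now.Add(lifetime),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, root, &key.PublicKey, rootKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyAgainstRoot checks that leaf chains to our root for dnsName at time at,
// ignoring the system trust store entirely.
func verifyAgainstRoot(leaf, root *x509.Certificate, dnsName string, at time.Time) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: dnsName, CurrentTime: at})
	return err
}

// needsRenewal reports whether less than a third of the certificate's
// lifetime remains, the point at which a renewal job should run.
func needsRenewal(cert *x509.Certificate, at time.Time) bool {
	lifetime := cert.NotAfter.Sub(cert.NotBefore)
	return cert.NotAfter.Sub(at) < lifetime/3
}

func main() {
	now := time.Now()
	root, key, err := newRoot(now)
	if err != nil {
		panic(err)
	}
	// Hostname is an assumption for the demo.
	leaf, err := issueLeaf(root, key, "appliance.example.internal", now, leafLifetime)
	if err != nil {
		panic(err)
	}
	fmt.Println("verify now:", verifyAgainstRoot(leaf, root, "appliance.example.internal", now))
	for _, d := range []int{1, 6, 7, 9} {
		at := now.Add(time.Duration(d) * 24 * time.Hour)
		fmt.Printf("day %d: needsRenewal=%v\n", d, needsRenewal(leaf, at))
	}
}
```

The renewal check is what a fleet monitor would run against every appliance's served certificate; with a 10-day leaf it fires from day 7, leaving three days for the provisioning service to reissue and restart the affected service.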
