On 18.06.2016 03:41, Gordon Messmer wrote:> On 06/17/2016 07:56 AM, James B. Byrne wrote:
>> On Thu, June 16, 2016 14:09, Gordon Messmer wrote:
>>> I doubt that most users check the dates on SSL certificates,
>>> unless they are familiar enough with TLS to understand that
>>> a shorter validity period is better for security.
>> What evidence do you possess that supports this assertion and would
>> you care to share it with us?
> https://letsencrypt.org/2015/11/09/why-90-days.html
"29% of TLS transactions use ninety-day certificates."
could this statement be a little bit more precise ...
or another thought, if every website contained
this: <IMG
SRC="https://www.track.org/track.png?id=75r75fbbf75hfn">
and the host 'www.track.org' used a 90day throw-away certificate
then the statement wouldn't say anything,
because nobody said, if it was in connection with explicit wanted TLS
transactions ...