In <list-2450420@2rosenthals.com>, on 05/14/26
at 11:40 AM, "Lewis G Rosenthal" <ecs-isp@2rosenthals.com> said:
Hi,
>validity duration from 398 days to 47 days. The first phase has started
>and validity is now 200 days. This will again change to 100 days by
>March 2027 and finally to 47 days by March 2029.
The good news is that there is plenty of time to prepare for the full
switchover to 47 day lifetimes and for the effects of the interim life
time changes to be evaluated. I have no idea how big CRLs tend to be
these days, but reducing their size cannot be a bad thing.
>The whole argument about shorter cert lives being more secure is a tough
>one for me, given the availability of OCSP stapling and other
>validation/revocation methods. Oh, well.
As others have mentioned both OCSP and OCSP stapling seem to be going
away. It appears that neither really is widely in use.
back to list