A Note from Our Executive Director

Key bit:<p>&gt; but we are going to introduce a new offering that’s a big shift from anything we’ve done before - short-lived certificates. Specifically, certificates with a lifetime of six days. This is a big upgrade for the security of the TLS ecosystem because it minimizes exposure time during a key compromise event.

On a side note, I&#x27;ve had fun playing with something like this with Caddy and StepCA and bind running in a homelab. I&#x27;ve managed to, using the rfc2136 plugin, managed to rotate certs every ten minutes.<p>Every six days is fine, just use something like Caddy that rotates the certs for you and it should just be set it and forget it.<p>Yes, I realize this is a bit glib.

Prossimo: That would be rustls, a project that bypassed openssl in every aspect by now. Really everybody should switch over.<p><a href="https:&#x2F;&#x2F;www.memorysafety.org&#x2F;initiative&#x2F;rustls&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.memorysafety.org&#x2F;initiative&#x2F;rustls&#x2F;</a>

Interesting choice of 6 days. Any reason 6 was picked?