That works fine with a brand new device you just unboxed. But what should happen... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		ithkuil on June 28, 2020 \| parent \| context \| favorite \| on: Chromium and Mozilla to enforce 1 year validity fo... That works fine with a brand new device you just unboxed. But what should happen 3 years later? Should the IoT device have a certificate that is valid forever?

paledot on June 28, 2020 [–]

I would say yes, as long as certificates are unique per-device. The harm of my light bulb's cert being compromised is less than the harm of my light bulb no longer working if the manufacturer's CA goes offline and it can't renew its cert.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact