Doesn't matter. This is a push by the CA/Browser Forum. Google, Mozilla, and all... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		bigbuppo 23 days ago \| parent \| context \| favorite \| on: Upcoming Changes to Let's Encrypt Certificates Doesn't matter. This is a push by the CA/Browser Forum. Google, Mozilla, and all the CAs got together and said, "hey, what if we just made certificates shorter because we're too stupid to figure out a revocation mechanism that actually works other than expiration." They've tried this shit before, but saner heads prevailed. This time they did not.

tptacek 23 days ago | [–]

Shorter lifetimes strongly push customers towards ACME and thus away from commercial CAs, so it's odd to suggest that CAs subverted this process.

ekr____ 23 days ago | [–]

Mozilla does have a revocation mechanism that actually works.

https://hacks.mozilla.org/2025/08/crlite-fast-private-and-co...

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact