I'm not sure I follow. This outage seems like it occurred for less than 1 day. The post you link to is about having certificates expire after 45 days. What's the connection you see?
Some CAs are experimenting with shorter, 7 day certificates as well.
still not an outage that would endanger anyone's ability to renew in time, but for small or extremely shitty CAs (and there are a lot of those) such an outage may take enough time to cause issues in theory I guess?
It doesn't have to be small or more shitty than average. If Google has
a compliance issue and can meet it in 8 hours then its a pretty clear one.
They could have an issue that needs round trips of discussions with
auditors before resuming. etc. I'm not familiar with 24/7 auditor
services.
That's only if you delay renewal until the last day of the lifetime of the certificate. If you renew at day 30 you'd only get in trouble if there's more than two weeks of downtime.
You’re supposed to renew your cert way in advance of the expiration time. For 47-day certs the general expectation is that you renew them monthly, so in the worst case you’d need more than two weeks of CA outage before anything went wrong.
jeroenhd|11 days ago
still not an outage that would endanger anyone's ability to renew in time, but for small or extremely shitty CAs (and there are a lot of those) such an outage may take enough time to cause issues in theory I guess?
shabloney|11 days ago
philprx|11 days ago
compared to say, roughly 1/365 probable downtime window for a 398 days cert lifetime = 0.25% downtime probability
let's pray you don't need to rotate when it's down...
Dan Geer famously said: "Dependency is the root cause of risk"...
PS: even stricter shortlived durations in some context:
Internal/Private 1 – 7 days Corporate VPNs, Internal apps
Ephemeral 5 mins – 1 hour Docker containers, CI/CD runners
kmm|11 days ago
Analemma_|11 days ago
TwoNineFive|11 days ago