Chrome root policy, and likely other root policies are moving toward 5-years rot... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		nickf 50 days ago \| parent \| context \| favorite \| on: Upcoming Changes to Let's Encrypt Certificates Chrome root policy, and likely other root policies are moving toward 5-years rotation of the roots, and annual rotation of issuing CAs. Cross-signing works fine for root rotation in most cases, unless you use IIS, then it becomes a fun problem.

mikestorrent 49 days ago [–]

What an absolute pain in the ass for a mediocre increase in security.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact