aeris22’s Twitter Archive—№ 25,053

  1. …in reply to @bagder
    @bagder @PCTuning_OW @jpmens No there is no. "per se" short renewal may be better in case of an unseen compromise […]
    1. …in reply to @aeris22
      @bagder @PCTuning_OW @jpmens […] because in this case, you need to redo the compromise over and over, and raise the probability of being seen. […]
      1. …in reply to @aeris22
        @bagder @PCTuning_OW @jpmens […] But with the overall X.509/TLS ecosystem (DANE, HSTS, HPKP, OCSP stapling…), shortening cert renewal is worse.
        1. …in reply to @aeris22
          @bagder @PCTuning_OW @jpmens Typically in HPKP, the time between an HPKP change and the first HPKP expiration is critical […]
          1. …in reply to @aeris22
            @bagder @PCTuning_OW @jpmens You have no choice in case of compromise during this period: you need to keep compromised material online.
            1. …in reply to @aeris22
              @bagder @PCTuning_OW @jpmens If you renew the key every 90d with the recommended 60d HPKP expiration, you only have 30d of real security…