People went ballistic on me a few months ago for bringing this up, but this is exactly the kind of outage that makes me really, really worried about extremely short lived certificates. https://news.ycombinator.com/item?id=46118371
I'm not sure I follow. This outage seems like it occurred for less than 1 day. The post you link to is about having certificates expire after 45 days. What's the connection you see?
Some CAs are experimenting with shorter, 7 day certificates as well.
still not an outage that would endanger anyone's ability to renew in time, but for small or extremely shitty CAs (and there are a lot of those) such an outage may take enough time to cause issues in theory I guess?
It doesn't have to be small or more shitty than average. If Google has
a compliance issue and can meet it in 8 hours then its a pretty clear one.
They could have an issue that needs round trips of discussions with
auditors before resuming. etc. I'm not familiar with 24/7 auditor
services.
That's only if you delay renewal until the last day of the lifetime of the certificate. If you renew at day 30 you'd only get in trouble if there's more than two weeks of downtime.
You’re supposed to renew your cert way in advance of the expiration time. For 47-day certs the general expectation is that you renew them monthly, so in the worst case you’d need more than two weeks of CA outage before anything went wrong.
You're joking, but still: that's one very possible outcome of both requiring centrally issued certificates for security reasons and browsers refusing to display websites without.
Effectively certificates are now a license to publish.
