On Mon, 2025-05-26 at 15:19 -0400, Jeffrey Walton wrote: > To reduce the size of Certificate Revocation List (CRL), and recover > quickly from a compromised host. Conventional wisdom is, browsers > don't download CRLs or OCSP, so a short validity closes the gap in > browser behavior. That's the first answer I've found that seemed logical. I remember in the past having to manually set browsers to check for revocation of certificates, because they didn't. Which seemed a rather dumb lack of cross-checking. Though it also seems that constantly changing something adds another vector for some kind of screw-up. Somewhat like the very dumb idea of making people constantly change their passwords. -- uname -rsvp Linux 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64 (yes, this is the output from uname for this PC when I posted) Boilerplate: All unexpected mail to my mailbox is automatically deleted. I will only get to see the messages that are posted to the mailing list. -- _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
