6-day and IP Address Certificates are Generally Available

39 points by fanf

hoistbypetard

Short-lived certificates are opt-in and we have no plan to make them the default at this time.

That sounds ominous, for some reason.

silby

The CA/B Forum baseline requirements currently anticipate a maximum server certificate lifetime of 47 days starting in 2029. I’d be surprised if they never reduce it again.
- fanf
  
  I wonder if CRLite will work well enough to reduce the downward pressure on certificate lifetimes.
  - hoistbypetard
    
    If I were a betting man, I'd wager that things will come into balance for lifetimes around 4 weeks. And I do think CRLite will help stabilize that.
  - freddyb
    
    I'd be so excited to see it more universally applied.
- fs111
  
  certificate transparency logs would explode if those were the default
regalialong

Honestly the idea of IP Address Certificates sounds really cool and might be useful for some more throwaway-y services :D
ysun

I mean… If IP addr certs are available under shorlived profile, I don’t see why they can’t make rDNS (.arpa zones) available