On Tue, Nov 26, 2013 at 02:18:58PM -0500, Vick Khera wrote:
> Using self-signed certs you can give them longevity of 10+ years, so never
> have to worry about them again :)
Unless of course you turn out to have a weak algorithm and, say, No
Such Agency decides to take up residence on your network. (It's not
clear that CAs are any protection against that either, though, of
course.) In general, 10+ years is probably too short a time to be
using a cert unless you are completely certain to whom it could be
exposed. (Some would argue that if you had that certainty, you might
not need TLS/SSL anyway. I guess I'd respond that you could use TLS
anyway because it would help in case of a network compromise.)
Best,
A
--
Andrew Sullivan
ajs(at)crankycanuck(dot)ca