From: "Steven Levine" Received: from [192.168.100.201] (HELO mail.2rosenthals.com) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTP id 2480205 for ecs-isp@2rosenthals.com; Sat, 16 May 2026 18:11:14 -0400 Received: from secmgr-va.2rosenthals.com ([50.73.8.217]:48488 helo=mail2.2rosenthals.com) by mail.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.98.2) (envelope-from ) id 1wONE1-0000000018x-1WEq for ecs-isp@2rosenthals.com; Sat, 16 May 2026 18:11:13 -0400 Received: from mta-101a.earthlink-vadesecure.net ([51.81.61.60]:50257) by mail2.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.98.2) (envelope-from ) id 1wONDz-000000003La-1Ymr for ecs-isp@2rosenthals.com; Sat, 16 May 2026 18:11:11 -0400 DKIM-Signature: v=1; a=rsa-sha256; bh=Tk1WSguJYOag/d0UjAOC6u16ivIA/kP0+H4QDp Apbn0=; c=relaxed/relaxed; d=earthlink.net; h=from:reply-to:subject: date:to:cc:resent-date:resent-from:resent-to:resent-cc:in-reply-to: references:list-id:list-help:list-unsubscribe:list-unsubscribe-post: list-subscribe:list-post:list-owner:list-archive; q=dns/txt; s=dk12062016; t=1778969470; x=1779574270; b=DAxkBoBp7WP055W6uqIVSUBv7ck c9/By4ogfCEMby0MjJXmJlnmPl3hPv2hTJAMFRIqm6+9hpmJQ+Nqx0ppf9G5nJqQGFtkB4m NXNN9bHxwGyFKmcifq9l2yn2vmaAVM5Y7cW4lkvSLE0ntAI2gUGzme1ieuqNqNIAjwYOU0H OZoNvC/TBA0O78KIu5CLkRELkoLTNy1FyfkuBmra84RHTBOVF7GQqiAs5DZSolWg4ciH/1u VOLcQTNhfsD+85NB++tll8eNNBUNURwwlJU00GKMcmGO+nn6QxsMJRqFoaFPup9qxykxjGd 3YyBw+NoRkVBTul0z+Na29dLDUwLjvQ== Received: from slamain ([107.202.224.188]) by vsel1nmtao01p.internal.vadesecure.com with ngmta id bc6c2fdd-18b02b4eba2b64d2; Sat, 16 May 2026 22:11:10 +0000 Message-ID: <6a08e9bd.2.mr2ice.fgrirsq@earthlink.net> Date: Sat, 16 May 2026 15:03:41 -0700 To: "eCS ISP Mailing List" In-Reply-To: Subject: Re: [eCS-ISP] SSL cert lifetime X-Mailer: MR/2 Internet Cruiser Edition for OS/2 v3.00.11.24/60 In , on 05/14/26 at 11:40 AM, "Lewis G Rosenthal" said: Hi, >validity duration from 398 days to 47 days. The first phase has started >and validity is now 200 days. This will again change to 100 days by >March 2027 and finally to 47 days by March 2029. The good news is that there is plenty of time to prepare for the full switchover to 47 day lifetimes and for the effects of the interim life time changes to be evaluated. I have no idea how big CRLs tend to be these days, but reducing their size cannot be a bad thing. >The whole argument about shorter cert lives being more secure is a tough >one for me, given the availability of OCSP stapling and other >validation/revocation methods. Oh, well. As others have mentioned both OCSP and OCSP stapling seem to be going away. It appears that neither really is widely in use. Steven -- ---------------------------------------------------------------------- "Steven Levine" Warp/DIY/BlueLion etc. www.scoug.com www.arcanoae.com www.warpcave.com ----------------------------------------------------------------------