←back to thread

Let's Encrypt is 10 years old now

(letsencrypt.org)
489 points gslin | 3 comments | 20 Nov 24 06:13 UTC | HN request time: 0s | source
Show context
stephenr ◴[20 Nov 24 11:44 UTC] No.42192960[source]
I really wish they would finally branch out and offer S/MIME certificates. Good email clients support them out of the box, it's just a PITA to get them if you don't want to order 100 at a time or something equally ridiculous for SME/individuals.
replies(1): >>42193484 #
1. account42 ◴[20 Nov 24 12:50 UTC] No.42193484[source]
Would frequent rotation be reasonable for S/MIME certs though?
replies(2): >>42193824 #>>42194373 #
2. stephenr ◴[20 Nov 24 13:37 UTC] No.42193824[source]
There's nothing specifically that says S/MIME certs would need to have the same 90-day expiration date, but even if they did, I'm making a basic assumption that if there were a standardised, free API to issue S/MIME certs, major email clients would build-in a client to request a certificate - heck it might even prompt major email providers to offer their own solutions for certs, to compete with alternatives that supported using LE certs.
3. Tepix ◴[20 Nov 24 14:50 UTC] No.42194373[source]
Once per year or less. Remember to decrypt messages, you need to keep your old certificates/keys around. You can request a new certificate with the same key but i'm not sure that's a good safety practice.