It seems the intention behind short-lived certificates is pretty clear:

   Server operators often want to create short-lived certificates for
   servers in low-trust zones such as CDNs or remote data centers.


But even if this is true, it needs to be analyzed why server operators want
to do this and if their reasons are good ones.


The only example of a security gain I can think of is the following:
a breach remains undetected but is accidentally fixed, for example
through automatic updates. In this case a revocation will not be issued,
but short-lived certificates would still invalidate the certificates an
attacker may have stolen.

I suppose this is similar to the common notion of rotating secrets.


To me, the increase in security weighted with the difficulty of obtaining
such short-lived certificates from a CA probably does not justify the extra
complexity of adding subcerts.


Best,
Simon

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
