This may have been mentioned before but when I was setting up my first client certificate (this one) I only gave it a couple years before it expired. I guess it's not a huge deal to add another cert here on bubble and on station but is there anything I might be missing?
I can't think of anything.
I know this dips into user verification but didn't want to open that rabbit hole again.
=> Posted in: s/Gemini
=> đ gritty
2023-07-17 ¡ 2 years ago
=> đšī¸ skyjake [mod...] ¡ 2023-07-18 at 11:40:
I think the biggest factor is user convenience. A 100+ year expiration time lets you not worry about it at all, however if your private key leaks, the certificate can then potentially be used any others for a long time. A short expiration time ensures that leaks are less harmful, in case there is no way to revoke the certificates (and on Gemini there isn't one global way to do that), but the price to pay is that you'll need to periodically remember to renew the certificates.
text/gemini; charset=utf-8This content has been proxied by September (3851b).