EduardCyber.mil serving file downloads using TLS certificate which expired 3 days ago
So what? They keep shortening the validity length of these certificates, making them more and more of a pain to deal with.
Which is yet another chore. And it doesn’t add any security. A certificate expired yesterday proves I am who I am just as much as it did yesterday. As long as the validity length is shorter than how long it would take somebody to work out the private key from the public key, it is fine.
An expired cert is a smell. It shows somebody isn't paying attention.
And a short expiration time absolutely increases security by reducing attack surface.
It did until it got so short that it created a new potential attack surface — the scripts everyone is using to auto update them.
Compared to the manual processes these scripts replaced, I'd put more trust in the automations.
And the original article shows you how that is going