Right, because DNS entries never expire.

grishka · 2026-02-19T16:51:59 1771519919

Of course they do, they have to. But it's okay for things that are sent to you over the network to expire. It's not okay for things built into your potentially abandoned OS to expire.

snowwrestler · 2026-02-20T05:33:54 1771565634

> Of course they do, they have to.

Why do they have to?

(This will also tell you why certs in your OS need to expire.)

grishka · 2026-02-20T06:01:54 1771567314

Because domains change owners.

https://news.ycombinator.com/item?id=47074127

snowwrestler · 2026-02-24T23:21:22 1771975282

More specifically: because they cannot be revoked, they need to expire. Same with root certs.