[Cryptography] New SSL/TLS certs to each live no longer than 47 days by 2029

Andrew Lee andrew at joseon.com
Wed Apr 16 17:28:39 EDT 2025


> On Apr 16, 2025, at 1:26 PM, Ron Garret <ron at flownet.com> wrote:
> 
> Proving control of a domain is not very secure
> 
> rg
> 


Thanks for agreeing it’s not very secure, which was the immediate sentence thereafter that was cut off in the quote.

As for MITM, there have been rogue SSL certs issued to surveil people - meaning, it fails sometimes. If that’s “manifestly adequate” then the standards of yesterday are not up to par with today.

In fact, if we allowed that to be the standard then we should also allow AI to control our lives, since it only fails sometimes.

If, for example, Google had self-signed their certs or browsers incorporated multiple signer certs (not some X.509 legacy), then the fake Gmail certs issued by DigiNotar wouldn’t have led to everyone getting MITM’d while visiting their webmail client.

There are a number of technologically superior methods of authenticating without the need of an officially “trusted” single third-party signer.

The only thing standing in the way of said simple progress is this “regulatory body” that acts as a cabal defining the limitations on how this all works.

And I share a quote:

“Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act.”



