[Cryptography] New SSL/TLS certs to each live no longer than 47 days by 2029
Ron Garret
ron at flownet.com
Wed Apr 16 16:26:12 EDT 2025
> On Apr 16, 2025, at 11:55 AM, Andrew Lee <andrew at joseon.com> wrote:
>
> Because it’s literally not any less secure than getting a signed cert from a signer who signs for anybody all the time (eg all of them).
>
> As an example - let’s encrypt will issue to anybody who can prove control of a domain
You have contradicted yourself in the span of two sentences. Proving control of a domain is not very secure, but it's not nothing either. It does prevent some level of deterrence to MITM attacks, which would otherwise be utterly trivial. And this deterrent, weak as it may be, is manifestly adequate because the web is not falling apart in the face of rampant MITM attacks.
rg
More information about the cryptography
mailing list