[Cryptography] New SSL/TLS certs to each live no longer than 47 days by 2029

Ron Garret ron at flownet.com
Wed Apr 16 19:09:41 EDT 2025


> On Apr 16, 2025, at 2:28 PM, Andrew Lee <andrew at joseon.com> wrote:
> 
>> On Apr 16, 2025, at 1:26 PM, Ron Garret <ron at flownet.com> wrote:
>> 
>> Proving control of a domain is not very secure
>> 
>> rg
>> 
> 
> Thanks for agreeing it’s not very secure, which was the immediate sentence thereafter that was cut off in the quote.

Pot.  Kettle.  You cut off the operative part of my sentence, which was "but it's not nothing either".

> As for MITM, there have been rogue SSL certs issued to surveil people - meaning, it fails sometimes.

Yes.  But failing sometimes is still better than failing all the time.

> If that’s “manifestly adequate” then the standards of yesterday are not up to par with today.

What can I say?  Somehow commerce is conducted over the internet on a daily basis despite the current sad state of the art, and that commerce is still managing to support a fairly robust technological civilization as measured by historical standards.  I'm not saying things could not be improved, only that they could be a whole lot worse than they are, and so dismissing the current state of the art as "a racket" is grossly unfair.  It actually works for some not-entirely-unreasonable definition of "works", which is no small achievement for planetary-scale infrastructure.

rg


