[Cryptography] New SSL/TLS certs to each live no longer than 47 days by 2029

iang iang at iang.org
Thu Apr 17 06:13:09 EDT 2025


On 16/04/2025 00:26, Ron Garret wrote:
> And this deterrent, weak as it may be, is manifestly adequate because the web is not falling apart in the face of rampant MITM attacks.


That causality should be shown, not manifestly assumed. Although 
heretical, it is instructive to ask how many of these rampant MITM 
attacks actually happen. There is a perfect stability where there are 
zero MITM attacks and the certificate system works perfectly to prevent 
them.

It's instructive to examine the case of no certs. I don't recall the 
details but back in the period of the late 1990s, I did some searching 
on HTTP credit card collection, and it worked out to be around 5% of the 
commerce sites out there in pure open mode. Yet there was no outcry or 
anguish to how often these sites were being MITM'd even though it was an 
article of the faith that certificates were needed to protect credit 
card protection. Much the same thing happened with cafe wifis - there 
were a few anecdotal reports of sniffers, but no apparent MITM business 
model emerged (probably for the obvious reasons).

If you go back into the history of the thing, the evil MITM was like a 
religious devil that was much talked about and never seen. And when the 
first real MITMs turned up around 2003 (they called themselves phishers) 
they bypassed the certificate system so cleanly that nobody much 
noticed. In fact, some of them experimented with falsely acquired certs 
but gave that up and just used raw HTTP.

Which surfaces the real harm of the certificate industrial complex - 
when real attackers turned up, the certificate system got in the way of 
efforts to evolve new security methods. The orthodoxy preached that the 
SSL certificate system was The Security System, and that was that. No 
manufacturer of browsers, email clients, servers could shift because 
they were already controlled. The MITM-now-phisher grew rampant and 
drained a steady percentage from the banks & customers, and banks and 
customers were powerless. (Especially in the US where they fell for the 
SMS-is-safe trick, as porting is a phone call there.) Still happening 
today, thanks to the certificate system.

In short, the certificate system was a mostly harmless fashion statement 
until actual attackers turned up. Then it turned into a millstone around 
the necks and caused us a LOT of cost. But no matter, the certificate 
industrial complex will continue to fiddle around with the numbers of 
days and block real security work until some cataclysm comes and cleans 
it out.

iang



