[Cryptography] New SSL/TLS certs to each live no longer than 47 days by 2029

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Apr 17 21:55:45 EDT 2025


iang via cryptography <cryptography at metzdowd.com> writes:

>It's instructive to examine the case of no certs. I don't recall the details
>but back in the period of the late 1990s, I did some searching on HTTP credit
>card collection, and it worked out to be around 5% of the commerce sites out
>there in pure open mode. Yet there was no outcry or anguish to how often
>these sites were being MITM'd even though it was an article of the faith that
>certificates were needed to protect credit card protection.

Bruce Schneier had a great quote around this at the time, something like "the
claim is that if we didn't have SSL [with all the PKI folderol], chaos would
result.  Turn off SSL on your computer/server and watch the complete lack of
chaos that results".

Peter.

