[Cryptography] New SSL/TLS certs to each live no longer than 47 days by 2029
Ron Garret
ron at flownet.com
Fri Apr 18 00:05:47 EDT 2025
> On Apr 17, 2025, at 11:10 AM, Peter Fairbrother <peter at tsto.co.uk> wrote:
>
> On 16/04/2025 21:26, Ron Garret wrote:
>>> On Apr 16, 2025, at 11:55 AM, Andrew Lee <andrew at joseon.com> wrote:
>>>
>>> Because it’s literally not any less secure than getting a signed cert from a signer who signs for anybody all the time (eg all of them).
>>>
>>> As an example - let’s encrypt will issue to anybody who can prove control of a domain
>> You have contradicted yourself in the span of two sentences. Proving control of a domain is not very secure, but it's not nothing either. It does prevent some level of deterrence to MITM attacks, which would otherwise be utterly trivial. And this deterrent, weak as it may be, is manifestly adequate because the web is not falling apart in the face of rampant MITM attacks.
>
> Actually, if you control a domain name, you can most probably see/control traffic to/from it anyway. So no MITM needed.
>
> From the user POV, if the cert is issued to domain.com, I'm talking to those who control domain.com. And (hopefully!) its DNS lookups. Doesn't mean they *are* domain.com, just that they control the use of the name.
>
>
>
> If the domain in question is paypal.com or barclaysbank.com, Paypal and Barclays should make damn sure that the real Paypal and Barclays bank control those names.
>
> Else they are (mostly) liable for fraud, in the UK at least - the consumer doesn't set the anti-fraud and security standards, the financial institution does. So it is responsible for failures of them.
>
> Hmmm I wonder why financial institutions don't weigh in on the matter of the subject? Liability again, I suppose. Are the Financial Institutions more powerful/influential than the "CA/Browser Forum"?
Sorry, this makes no sense to me. Certificates protect against MITM attacks, which are trivial to mount with wifi hotspots. If I control the network access point someone is using, I control everything: DNS, routing, ICMP, the kitchen sink. The *only* thing I can't do is provide attestation from a third party that the host serving paypal.com possesses the same key that it did the last time the third party tried to talk to it. And that matters because the third party did not talk to paypal.com over a sketchy wifi hotspot, it talked to it via a hard connection to a router run by a known and presumably trustworthy party.

The point is not so much control of the domain name per se, as it is providing attestation of continuity of content between an access over a sketchy internet connection vs one that occurred over a (presumably) less sketchy internet connection. It's easy for me to MITM someone at an airport looking for free wifi. It's a lot harder for me to MITM letsencrypt, and *that* is what matters, not the security of DNS per se.

rg