[Cryptography] New SSL/TLS certs to each live no longer than 47 days by 2029

Andrew Lee andrew at joseon.com
Sat Apr 19 20:45:29 EDT 2025


On Apr 19, 2025, at 5:08 PM, iang <iang at iang.org> wrote:
> 
> 
> On 19/04/2025 00:43, Christian Huitema wrote:
>> On 4/18/2025 1:03 PM, iang via cryptography wrote:
>> 
>>> All of this could have been bypassed if the browser/site system had
>>> simply negotiated a single-site self-signed certificate. But, oh, no, we
>>> can't encourage that because it will cause the chaos of ages, cute
> >>> puppies will die and CAs won't earn their rent.
>> Isn't the "CA's rent" argument a tiny bit obsoleted by Let's Encrypt?
> 
> So the end effect was that LE got all the won't-pays and the commercial 
> CAs kept the will-pays. With a little branding and prejudice, your 
> serious website wouldn't be seen dead with an LE cert, so still good 
> money to be made in printing numbers.
> 
> In sum, for sure, this was a big effect, but not as devastating as one 
> would think.
> 
> 
> iang
> 
> 

In addition, the CAbal is getting involved in everything else they can. For example, try distributing a compiled binary/executable file to a Windows user. You’ll need to spend ~$1000 for that (per year).

Also, an additional thing to note, LE only exists because the CAbal lets it exist. They could change this decision at their whim with any excuse or probably none at all.

- Andrew

