[Cryptography] New SSL/TLS certs to each live no longer than 47 days by 2029
Kent Borg
kentborg at borg.org
Sun Apr 20 11:13:00 EDT 2025
I thought I saw someone here shrugging off the risk of MitM attacks. Be
careful. An awful lot of users connect via wifi, and, as flawed as the
certificate system is, it makes it hard for random evil hotspots to
pretend to be your bank or your e-mail. If we were back at plain http
these attacks would be a big problem. The system does work…to the extent
it works.
A different point: If a biggish nation-state wants to MitM the connection
to my bank, the certificate system is not the hard part. Just get a bent
CA to issue the fake certificate they need. But mostly this isn't a big
problem; nation-states mostly can't be bothered and have better options.
-kb