[Cryptography] New SSL/TLS certs to each live no longer than 47 days by 2029
Nico Williams
nico at cryptonector.com
Mon Apr 21 12:45:26 EDT 2025
On Fri, Apr 18, 2025 at 02:18:18PM +0100, Howard Chu wrote:
> I think there's some merit to it, in a different context. Funny thing,
> back in 2000, Symas' Connexitor used auto-generated short-lived TLS
> certs too. We treated them much like Kerberos tickets.
This is why Kerberos tickets are short-lived: Kerberos has no revocation
protocol (no CRLs, no OCSP), so short-lived tickets and authz checks at
relying parties if they have something more timely than ticket
expiration for revocation (which typically they do).
> Most of the CA nonsense is because the commercial CA model was broken
> from the start. The original X.500 model assumed one authoritative CA
> per country. [...]
And x.509 has name constraints that didn't get implemented. Not that
their being implemented would have prevented the commercial CA model, I
don't think, but it certainly didn't help.
> [...]. In the IETF context, only domain registrars should ever
> have been root level CAs, and they should only ever have issued
Because unlike PKIX DNS has functioning (essentially required to
function) name constraints in the form of delegations.
> intermediate CA certs to the domains under their authority. Domain
> owners should have been responsible for issuing their own certs for
> entities in their own domain.
This would be DANE.
More optimization is needed to make DANE palatable to browser devs.
Nico
--
More information about the cryptography
mailing list