[Cryptography] New SSL/TLS certs to each live no longer than 47 days by 2029
Salz, Rich
rsalz at akamai.com
Mon Apr 21 22:20:20 EDT 2025
* The foundation of the Cabal is that the browsers volunteer to accept the CAbal's recommendations.
The real power in the CA/Browser forum is in the hands of the browsers. Yes, it was created by someone from a CA (Sasha or something, from Digicert? Or something like that) and from when it was just a topic of conversation, they were very concerned about collusion and anti-trust.
Note that the browsers (and depending on how you count, the real population is essentially some number between one and four) can force a CA out of business by removing them from their default trust store. And they’ve done it several times (DigiNotar, Symantec, Entrust, etc) The browsers must also be careful not be seen collaborating when they do that kind of thing.
* In short, [LetsEncrypt is] pretty safe.
Agreed. If only there was more than one of them.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20250422/ea89c5b0/attachment.htm>
More information about the cryptography
mailing list