[Cryptography] New SSL/TLS certs to each live no longer than 47 days by 2029
Kent Borg
kentborg at borg.org
Tue Apr 22 09:19:28 EDT 2025
On 4/21/25 11:22 PM, Bill Stewart wrote:
> we missed the opportunity to have certificates based on DNSSEC,
> where the signature process would be part of the domain name purchase,
> so anything that got done was inherently going to be a bandaid.
I don't know about the specific details of "DNSSEC" (last I looked it
seemed a mess and not germane to the real world), but the idea that a
domain signature should begin with the creation or purchase of the
domain makes damn good sense.
-kb
More information about the cryptography
mailing list