[Cryptography] New SSL/TLS certs to each live no longer than 47 days by 2029
Paul Wouters
paul at nohats.ca
Tue Apr 22 20:32:32 EDT 2025
On Mon, 21 Apr 2025, Salz, Rich via cryptography wrote:
>
> * Also, an additional thing to note, LE only exists because the CAbal lets it exist. They could change this decision at their whim with any excuse or probably
> none at all.
>
> No, they can’t. Not without actually opening themselves up to all sorts of legal charges of actually being a cabal, among others.
All the CAbal exists only because of browsers refusing to do DNSSEC,
even now they have a clean and secure path via DoH anyways....
WebPKI is just a big bandaid of DNS lookups for MX records instead
of just doing straight DNS lookups for TLSA or SVCB.
Paul
More information about the cryptography
mailing list