[Cryptography] New SSL/TLS certs to each live no longer than 47 days by 2029
Theodore Ts'o
tytso at mit.edu
Tue Apr 22 21:16:12 EDT 2025
On Tue, Apr 22, 2025 at 08:35:31AM +0000, iang via cryptography wrote:
> > But that's because the defense is in place. It's plausible that
> > the reason we're not seeing MITM attacks is because the defense is
> > effective.
>
> Entirely plausible, as is the alternate argument - it's not
> happening because it's not economic. The question is, where's the
> evidence that tells it is one or the other?
The two are the same thing. No defense is 100% effective. A defense
is effective if it increases the effort required by the attacker such
that the cost/benefit ratio means that carrying out that attack is no
longer cost effective.
Using SSL and certificates has certainly made it harder for attackers.
When we say that it might not deter a nation state attacker, that's
because their cost benefit ratio might be different from a random high
school script kiddie. But even if we don't make it impossible for a
nation state attacker, it doesn't mean that the certificates are not
worthwhile.
> Well, it's the state of the world we live in - phishing is an MITM,
> just a different sort. And when it turned up, the browsers, the CAs,
> the mail & web providers were all pretty unified in ignoring
> it. They all felt it wasn't their problem, someone else was
> "clearly" to blame. And they were too busy defending against the
> MITM that wasn't happening to seriously consider the MITM that was
> happening. Very responsible people, they even organised CABForum to
> make sure this sort of thing got taken seriously.
Browsers and other actors *have* been trying to solve this problem.
And it's called FIDO2 Passwordless Authentication. And there have
been earlier variants of this technology, including two-factor
authentication, which isn't perfect, but it stopped a lot of the
simpler phishing attacks, and so people continued iterating until
they came up with passkeys.
- Ted
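Ted's point is that FIDO2 passwordless authentication is the browsers' and CAs' answer to phishing-style MITM. The following is an added example (not part of the post, and not code from any FIDO2 implementation) of the property that makes that true: the user agent, not the web page, records the origin the request came from, and the authenticator's signature covers that record, so an assertion collected on a lookalike site does not verify at the real relying party. All names, origins and data are constructed, and the authenticator's asymmetric signature is modelled as an HMAC over the same bytes so that the example runs on the standard library alone; the origin, rpIdHash and challenge checks follow the WebAuthn layout.

```python
"""Why FIDO2/WebAuthn assertions resist classic phishing: origin binding.

Added example; not part of the mailing-list post. All data is constructed.
Assumption: the authenticator's private-key signature is replaced by an HMAC
over the same bytes so the example needs only the standard library. The
checks a relying party performs (challenge, origin, rpIdHash, signature)
follow the WebAuthn assertion layout.
"""
import hashlib
import hmac
import json
import os

RP_ID = "example.com"             # constructed relying party (RP) identifier
RP_ORIGIN = "https://example.com"  # the only origin the RP will accept
CRED_KEY = os.urandom(32)          # stand-in for the credential's private key


def rp_id_hash(rp_id: str) -> bytes:
    """authenticatorData begins with SHA-256(rpId)."""
    return hashlib.sha256(rp_id.encode()).digest()


def browser_get_assertion(page_origin: str, challenge: bytes):
    """Model of the user agent plus authenticator.

    The page passes in the challenge; the *browser* fills in the origin from
    the document that called navigator.credentials.get(), and the page cannot
    change it. A real authenticator would hold no credential for a lookalike
    RP ID at all; this model signs anyway, i.e. the attacker's best case.
    """
    client_data = json.dumps({
        "type": "webauthn.get",
        "challenge": challenge.hex(),
        "origin": page_origin,
    }, sort_keys=True).encode()
    # rpIdHash || flags (UP set) || signCount
    auth_data = rp_id_hash(page_origin.split("://", 1)[1]) + b"\x01" + (0).to_bytes(4, "big")
    # Signature covers authenticatorData || SHA-256(clientDataJSON)
    signed_bytes = auth_data + hashlib.sha256(client_data).digest()
    signature = hmac.new(CRED_KEY, signed_bytes, hashlib.sha256).digest()
    return client_data, auth_data, signature


def rp_verify(client_data: bytes, auth_data: bytes, signature: bytes,
              issued_challenge: bytes) -> tuple[bool, str]:
    """Relying-party side: every check that a phishing relay trips over."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if not hmac.compare_digest(bytes.fromhex(cd.get("challenge", "")), issued_challenge):
        return False, "challenge mismatch (replay)"
    if cd.get("origin") != RP_ORIGIN:
        return False, f"origin mismatch: {cd.get('origin')}"
    if not hmac.compare_digest(auth_data[:32], rp_id_hash(RP_ID)):
        return False, "rpIdHash mismatch"
    expected = hmac.new(CRED_KEY, auth_data + hashlib.sha256(client_data).digest(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return False, "bad signature"
    return True, "ok"


def run_scenarios() -> dict:
    """Legitimate login versus three things a phishing relay can try."""
    results = {}
    challenge = os.urandom(32)  # issued by the real RP for this login
    # 1. User on the real site: everything lines up.
    results["legit"] = rp_verify(*browser_get_assertion(RP_ORIGIN, challenge), challenge)
    # 2. User on a lookalike site that relays the real challenge: the browser
    #    records the lookalike origin, and the RP rejects it.
    cd, ad, sig = browser_get_assertion("https://examp1e.com", challenge)
    results["phish_relay"] = rp_verify(cd, ad, sig, challenge)
    # 3. Relay rewrites origin and rpIdHash before forwarding: both are under
    #    the signature, so the signature no longer verifies.
    cd2 = cd.replace(b"https://examp1e.com", b"https://example.com")
    ad2 = rp_id_hash(RP_ID) + ad[32:]
    results["phish_rewrite"] = rp_verify(cd2, ad2, sig, challenge)
    # 4. A captured genuine assertion replayed against a later challenge.
    results["replay"] = rp_verify(*browser_get_assertion(RP_ORIGIN, challenge), os.urandom(32))
    return results


if __name__ == "__main__":
    for name, (ok, reason) in run_scenarios().items():
        print(f"{name:14s} accepted={ok} reason={reason}")
```

The order of checks in `rp_verify` matters in practice: a relay with a registered lookalike domain fails at the origin comparison before any cryptography runs, and the rewrite case shows that the only way past that comparison is to break the signature over `clientDataJSON`, which the relay cannot produce without the user's credential key.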