[Cryptography] New SSL/TLS certs to each live no longer than 47 days by 2029

Salz, Rich rsalz at akamai.com
Wed Apr 23 08:55:57 EDT 2025


  *   All the CAbal exists only because of browsers refusing to do DNSSEC,
even now they have a clean and secure path via DoH anyways....

If some random client Joe wants to securely browse some random site foo.blog, how many parties need to be involved?  With TLS, I need the browser and its trust store, Joe, and the owner of foo.blog talking to a CA. Let’s pick a more complicated example, www.kingston.ci.ma.us. The number of entities is still the same.  What’s it like for DNSSEC?  Honestly curious.