[Cryptography] New SSL/TLS certs to each live no longer than 47 days by 2029
Michael Kjörling
9bf3a7ef93bb at ewoof.net
Wed Apr 23 15:39:55 EDT 2025
On 23 Apr 2025 12:28 -0700, from jon at callas.org (Jon Callas):
>> What are the downsides to DNSSEC? Both honest and real, and imagined or excuses.
>
> If you haven't read Tom Ptacek's "Against DNS" <https://sockpuppet.org/blog/2015/01/15/against-dnssec/>, you should. While not every one of his comments are things everyone agrees with, the points are all well-argued.
>
> The objection that is most apropos is outlined again here, <https://infosec.exchange/@tqbf/109938525731567458>, that it is just another PKI and one where the CAs are the top-level-domain owners -- governments. [...]
Another page which is relevant to the question would be <https://blog.apnic.net/2024/05/28/calling-time-on-dnssec/>.
--
Michael Kjörling
🔗 https://michael.kjorling.se
More information about the cryptography
mailing list