[Cryptography] New SSL/TLS certs to each live no longer than 47 days by 2029

Salz, Rich rsalz at akamai.com
Fri Apr 25 11:45:38 EDT 2025


> On the other hand, with traffic re-routing, you can get an SSL/TLS cert from LE if you are on-path to the web server that the domain name resolves to [2]. And then use that cert to do MITM on people you lured to use your public hot spot.

It is more difficult than that because CAs these days, including LE, check from a variety of places, so for this to succeed you have to have multiple spots, or be almost at the “last mile” to the client.
