Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
woodruffw 3 days ago

The "end game" is mentioned explicitly in the article:

> Shorter lifetimes mitigate the effects of using potentially revoked certificates. In 2023, CA/B Forum took this philosophy to another level by approving short-lived certificates, which expire within 7 days, and which do not require CRL or OCSP support.

Shorter-lived certificates make OCSP and other revocation mechanisms less of a load-bearing component within the Web PKI. This is a good thing, since neither CAs nor browsers have managed to make timely revocation methods scale well.

(I don't think there's any monetary or power advantage to doing this. The reason to do it is because shorter lifetimes make it harder for server operators to normalize deviant certificate operation practices. The reasoning there is the same as with backups or any other period operational task: critical processes must be continually tested and evaluated for correctness.)

sitkack 3 days ago | parent [-]

Don't lower cert times also get people to trust certs that were created just for their session to MITM them?

That is the next step in nation state tapping of the internet.

woodruffw 3 days ago | parent | next [-]

I don't see why it would; the same basic requirements around CT apply regardless of certificate longevity. Any CA caught enabling this kind of MITM would be subject to expedient removal from browser root programs, but with the added benefit that their malfeasance would be self-healing over a much shorter period than was traditionally allowed.

ezfe 3 days ago | parent | prev [-]

lol no? lower cert times still extend the root certificates that are already trusted. It is not a noticeable thing when browsing the web as a user.

A MITM cert would need to be manually trusted, which is a completely different thing.

Lammy 3 days ago | parent [-]

I think their point is that a hypothetical connection-specific cert would make it difficult/impossible to compare your cert with anybody else to be able to find out that it happened. A CA could be backdoored but only “tapped” for some high-value target to diminish the chance of burning the access.

woodruffw 3 days ago | parent | next [-]

> I think their point is that a hypothetical connection-specific cert would make it difficult/impossible to compare your cert with anybody else to be able to find out that it happened.

This is already the case; CT doesn't rely on your specific served cert being comparable with others, but all certs for a domain being monitorable and auditable.

(This does, however, point to a current problem: more companies should be monitoring CT than are currently.)

roblabla 3 days ago | parent | prev | next [-]

Well, the cert can still be compared to what's in the CT Log for this purpose.

sitkack 3 days ago | parent | prev [-]

Yes, precisely.