Hacker News new | past | comments | ask | show | jobs | submit login

Nice, may I see it? There's clearly some working group or something that produces some reports about mitigating risks of short-lived certificates?



These threads are so weird. There almost certainly is a thread you can go read on a mailing list about this where people discussed this ad nauseam. But nobody is going to go out of their way to prove this to you. We have the before/after picture of the WebPKI with respect to root programs actively managing, and disregarding the concerns of systems administrators and enterprise customers. It's the world of Certificate Transparency, LetsEncrypt and TLS 1.3. The "won't anybody please think of the middlebox operators" perspective, which I'll grant still has some currency in the IETF, is almost completely discredited.


When someone asks "when CA is down or acts sus what do I do?" the response is "stfu you middlebox operator". Of course it's weird lol.




Consider applying for YC's Summer 2025 batch! Applications are open till May 13

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: