I'd have it renew Monday and Thursday to avoid weekend outages.

If they put */5 in cron, a single error response will break their site and the beginning of March will also break their site.

If I would use short-lived certs I would make sure to choose an ACME client that has support for ARI (ACME Renewal Information). Then the CA will tell the client when it’s time to renew.

ACME doesn't renew certificates when there's enough time, so it'll always renew around 6 days, even if you check more aggressively.

Currently ACME sets its cron job to 12 days on 90 day certificates.

Oh definitely not. They don't want humans doing any renewals.

I was hoping Wolfram|Alpha would spit out the above, but on just entering 160 [1], we get

> A regular 160-gon is constructible with straightedge and compass.

> 160 has a representation as a sum of 2 squares: 160 = 4^2 + 12^2

> 160 is an even number.

> 160 has the representation 160 = 2^7 + 32.

> 160 divides 31^2 - 1.

> 160 = aa_15 repeats a single digit in base 15.

[1] https://www.wolframalpha.com/input?i=160

Every K-Paxian knows this.

I just got home from a stressful day in retail (oh who am I kidding; every day is stress in retail) and this gave me a chuckle I really needed. Thank you.

Is this the TLS version of the Bible?

Gilfoyle?

This made my day :D

6 days to write a prompt. One day to unleash the agents in yolo mode

Standard memory disclosure: the apple when eaten would be freed, but it would still be read, leaking its contents. Luckily its volume was low, so they couldn't exfiltrate all of it. But still, the heavens are closed for maintenance, pending a rewrite in Rust.

I have always been a bit puzzled by this. By issuing fixed length certificates you practically guarantee oscillation. If you have a massive traffic spike from, say, a CDN mass reissuing after a data breach - you are guaranteed to have the same spike [160 - $renewal_buffer] hours later.

Fuzzing the lifetime of certificates would smooth out traffic, encourage no hardcoded values, and most importantly statistical analysis from CT logs could add confidence that these validity windows are not carefully selected to further a cryptographic or practical attack.

A https://en.wikipedia.org/wiki/Nothing-up-my-sleeve_number if you will.

biweekly rotation?

What are benefits of HTTP/2 and HTTP/3 for Tor hidden service traffic?

Tor Browser handles this, it treats `.onion` as a secure context.

Well, you're not supposed to use Tor from browsers that don't explicitly support it. Tor Browser, Brave, and I'm sure some others really wouldn't mind HTTP hidden service traffic.

DV certificates (that lets encrypt) provides offer no verification of the owner. EV certificates for .onion could be actually useful though, but one generally has to pay for EV cert.

Oh I agree with it being nice, I'm just imagining more socialization oriented resistance to implementation and both large organizations and hobbyists already have answers that mostly cover the use cases even if not exactly as cleanly. Moving node to node encryption to an accelerated implementation of transport mode would be great, but if you're already using TLS I can see people just sticking in TLS versus hoping both ends had the necessary handshake->ESP path working, plus people are more experienced with existing troubleshooting, etc.

> IPSec is terrible, huge, and messy standard that company that made it took 20 years to stop getting CVE every year

This is fact, not FUD.

Microsoft has had multiple RCE vulns in their ipsec stack in the last two years.

The big vendors like Cisco had ipsec vulns for decades.

These days the issues are pretty well known and documented, but it really is a bad standard.

That's leaving money on the table, unless they continue to charge the previous tenant for the duration of quarantine.

About 99.99% of people and organisations are neither CAs nor Browsers. Hence they have no representation in the CAB Forum.

Hardly 'by definition niche' IMHO.

>which includes basically every entity that ships a popular web browser and every entity that ships certificates trusted in those browsers.

So no one that actually has to renew these certificates.

Hey! How long does a root certificate from a certificate authority last?

10 to 25 years?

Why don't those last 120 minutes? They're responsible for the "security" of the whole internet aren't they?

You're kidding, right? You've never seen a server completely inaccessible just because the owner had trouble renewing the cert? A lot of websites went down this way. And they served static content. Shortening that windows is just asking for trouble.

For better or worse the push down to 47-day certificates is an industry-wide thing, in a few years no provider will issue certificates for longer than that.

Nobody is being forced to use 6-day certs for domains though, when the time comes Let's Encrypt will default to 47 days just like everyone else.

A lot corporate environments load their root cert and MITM you anyway

What does attestation mean in this context? The point of the Web PKI is to provide consistent cryptographic identity for online resources, not necessarily trustworthy ones.

(The classic problem with self-signed certs being that TOFU doesn’t scale to millions of users, particularly ones who don’t know what a certificate fingerprint is or what it means when it changes.)

Then you might as well get rid of TLS altogether.

My browser on my work laptop has 219 root certificates trusted. Some of those may be installed from my employer, but I suspect most of them come from MS as it's Edge on Windows 11. I see in that list things like "Swedish Government Root Authority" "Thailand National Root Certification Authority" "Staat der Nederlanden Root CA" and things like "MULTICERT Root Certification Authority" "ACCVRAUZ1". I don't think there is any reason to believe any certificate. If a government wants a cert for a given DNS they will get it, either because they directly control a trusted root CA, or because they will present a warrant to a company that wants to do business in their jurisdiction and said company will issue the cert.

TLS certs should be treated much more akin to SSH host keys in the known hosts file. Browsers should record the cert the first time they see it and then warn me if it changes before it's expiration date, or some time near the expiration date.

> broken by some government agency or hacker group

Probably not. For browsers to accept this certificate it has to be logged in a certificate transparency log for anyone to see, and no such certificates have been seen to be logged.

One of the ideas behind short-lived certificates is to put certificate lifetimes within the envelope of CRL efficacy, since CRLs themselves don’t scale well and are a significant source of operational challenges for CAs.

This makes sense from a security perspective, insofar as you agree with the baseline position that revocations should always be honored in a timely manner.

I'm not sure it is about security. For security, CRLs and OCSP were a thing from the beginning. Short-lived certificates allow to cancel CRLs or at least reduce their size, so CA can save some expenses (I guess it's quite a bit of traffic for every client to download CRLs for entire letsencrypt).

It's probably not a good solution if you're dealing with clients you control.

Otoh, if you're dealing with browsers, they really like WebPKI certs, and if you're directing load to specific servers in real time, why add DNS and/or a load balancer thing in the middle?

You can have automation to fix the broken automation.

The BRs specifically forbid issuing such a certificate since 2015. So, slightly before they were required to stop using SHA-1, slight after they were forbidden from issuing certificates for nonsense like .com or .ac.uk which obviously shouldn't be available to anybody even if they do insist they somehow "own" these names.

No, what I'm saying is

1. Running a CA is more work than just setting up certbot for IP addresses, but not that much more

And that enables you to

2. Remember only domain names, which is easier than ip addresses.

I guess if you're ipv4 only and small it's not much benefit but if you have a big or bridged network like wonderLAN or the promised LAN it's much better.

Perhaps by providing some identifier in the URL?

ie. https://10.0.0.1(af81afa8394fd7aa)/index.htm

The identifier would be generated by the certificate authority upon your first request for a certificate, and every time you renew you get to keep the same one.

This is assuming NAT, with IPv6 you should be able to have globally unique IPs. (Not unique to IPv6 in theory, of course, but in practice almost no one these days is giving LAN devices public IPv4s).

A public CA won’t give you a cert for 10.0.0.1

The popular HTTP validation method has the same drawback whether using DNS or IP certificates? Namely, if you can compromise routes to hijack traffic, you can also hijack the validation requests. Right?

> IP addresses also are assigned by registrars (ARIN in the US and Canada, for instance).

To be pedantic for a moment, ARIN etc. are registries.

The registrar is your ISP, cloud provider etc.

You can get a PI (Provider Independent) allocation for yourself, usually with the assistance of a sponsoring registrar. Which is a nice compromise way of cutting out the middleman without becoming a registrar yourself.

Arguably neither is particularly secure, but you must have an IP so only needing to trust one of them seems better.

Currently when you configure DNS over TLS/HTTPS you have to set the IP address AND the hostname of the SSL certificate used to secure the service. Getting IP Address certs makes the configuration simpler

> I don't quite understand how this relates?

Erm ? Do I have to spell out that I was pointing out that there was more than the "ephemeral services" that were being guessed at that could take advantage of IP certs ?

Ideally, sure. But in some places you're what you're proposing is like trying to boil the oceans to make a cup of tea

VBA et al succeeded because they enabled workers to move forward on things they would otherwise be blocked on organizationally

Also - not seeing this kind of thing could be considered a gap in your vision. When outsiders accuse SV of living in a high-tech ivory tower, blind to the realities of more common folk, this is the kind of thing they refer to.

All major root store programs (Chrome, Apple, Microsoft, Mozilla) have this power. They set the requirements that CAs must follow to be included in their root store, and for most CAs their certs would be useless if they aren't included in all major ones.

I don't think the root programs take these kind of decisions lightly and I don't see any selfish motives they could have. They need to find a balance between not overcomplicating things for site operators and CAs (they must stay reliable) while also keeping end users secure.

A lot of CAs and site operators would love if nothing ever changed: don't disallow insecure signature/hash algorithms, 5+ year valid certs, renewals done manually, no CT, no MPIC, etc. So someone else needs to push for these improvements.

The changes the root programs push for aren't unreasonable, so I'm not really concerned about the power they have over CAs.

That doesn't mean the changes aren't painful in the short term. For example, the move to 45 day certificates is going to cause some downtime, but of course the root programs/browsers don't benefit from that. They're still doing this because they believe that in the long term it's going to make WebPKI more robust.

There's also the CA/Browser Forum where rule changes are discussed and voted on. I'm not sure how root programs decide on what to make part of their root policy vs. what to try to get voted into the baseline requirements. Perhaps in this case Chrome felt that too many CAs would vote against for self-interested reasons, but that's speculation.

I think that would have been an alternate present rather than a plausible future.

ECH needs for the outer (unencrypted) SNI to be somewhat plausible as a destination. For ECH GREASE what happens is that this outer SNI was real, what looks like the encrypted inner ECH data is just random noise.

For non-GREASE ECH we want to look as much like the GREASE as we can, except that it's not noise that's the encrypted payload with a real inner SNI among other things.

Yes, please publish the location of your dev servers in Cert Transparency logs for everyone to see.

Yes that’s correct

Ask Google "what is my IP" and compare it to your DHCP assigned address. If they are different your DHCP address isn't publically routeable.

I was trying to explain that human people have uses for this and that should be enough. Even if there aren't a ton of for-profit uses.

LE has 2 primary production data centers: https://letsencrypt.status.io/

But in general, one of the points of ACME is to eliminate dependence on a single provider, and prevent vendor lock-in. ACME clients should ideally support multiple ACME CAs.

For example, Caddy defaults to both LE and ZeroSSL. Users can additionally configure other CAs like Google Trust Services.

This document discusses several failure modes to consider: https://github.com/https-dev/docs/blob/master/acme-ops.md#if...

“Are they a single point of failure in that regard?”

It depends. If the ACME client is configured to only use Let’s Encrypt, then the answer is yes. But the client could fall-back to Google’s CA, ZeroSSL, etc. And then there is no single point of failure.

>it would be a grave error to issue an IP cert without active insight into BGP

Why? Even regular certs are handed out via IP address.

Azure has a service ('Artifact Signing') which is $10/month for signing Windows executables (not Windows Store apps, which don't need it.)

That's pretty reasonable, considering it is built in to all the major code signing tools on Windows, they perform the identity verification, and the private keys are fully managed by Azure. Code signing certs are required to be on HSMs, so you're most likely going to be paying some cloud CA anyway.

Technologies cannot be normatively evaluated without considering the power structures they facilitate.

Consider secure boot; assuming it's properly implemented, could defend against an entire class of attacks—evil maid: if a third party physically compromises your machine while you're away to install malware, you'd be alerted or stopped from booting the modified image. This is a technical statement. Now whose keys are actually trusted to sign these images? The answer is whatever power dominates in the supply chain: Microsoft, on desktop devices, and the vendor on mobile.

In the case of Microsoft, the public indignation eventually forced them to open this system up, letting the poweruser delegate their agent freely and without manufacturer's coercion. But what about Android, where the natural market forces did get the upper hand: most phones remain locked from disabling secure boot, even fewer let you enroll your own keys. They result is that most Android phones cease security updates only a few years after manufacture, the vendor's own software riddled with obvious faults (like filling a user-inaccessible partition with logs that never get wiped, even after factory reset) and known CVEs, yet nevertheless remain attested as secure for high-assurance applications like banking, as determined by Google. This hypocrisy isn't accidental: the system's real aim was not to secure the user, but to secure its monopoly, instrumented by privileged Google Play Services, harvesting data beyond what any SDK can.

I myself regularly rely on attestation—my phone runs Graphene OS and my laptop self-signs its kernel for secure boot—but I recognize that these technologies in themselves are predisposed to misuse by anti-competitive corporations and repressive regimes.

Imagine government ID backed app signing became the norm for app stores. There will no longer be open-source utilities, like scientific calculators, notes, and budget planners, as they would not bear the certification fee what is effectively volunteer work, instead replaced by their ad-ridden copycats mass-produced in a software sweatshop, featured alongside or, through malicious ads, directing to assorted malware, still just as prominent as before, signed using passport details of random people off the street, taken down as late as they can, because Google enjoys a steady revenue stream from their repeated publisher verifications and AdSense spots. And that's to say nothing of censorship circumvention tools and other politically inexpedient software.