this post was submitted on 14 Apr 2025
38 points (97.5% liked)

Technology

2571 readers
374 users here now

Which posts fit here?

Anything that is at least tangentially connected to the technology, social media platforms, informational technologies and tech policy.

Rules

1. English onlyTitle and associated content has to be in English.
2. Use original linkPost URL should be the original link to the article (even if paywalled) and archived copies left in the body. It allows avoiding duplicate posts when cross-posting.
3. Respectful communicationAll communication has to be respectful of differing opinions, viewpoints, and experiences.
4. InclusivityEveryone is welcome here regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.
5. Ad hominem attacksAny kind of personal attacks are expressly forbidden. If you can't argue your position without attacking a person's character, you already lost the argument.
6. Off-topic tangentsStay on topic. Keep it relevant.
7. Instance rules may applyIf something is not covered by community rules, but are against lemmy.zip instance rules, they will be enforced.

Companion communities

[email protected]
[email protected]

Icon attribution | Banner attribution

If someone is interested in moderating this community, message @[email protected].

founded 1 year ago
MODERATORS
[email protected]
38
SSL/TLS certificates will last 47 days max by 2029 (www.theregister.com)
submitted 2 weeks ago by [email protected] to c/[email protected]
17 comments fedilink hide all child comments
 

IT admins, get ready to grumble

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 8 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

There are lots of companies and vendors that don't automate cert renewal. They are all going to be forced into automation with this change.

The concern is that a compromised device could leak a cert that is then used for attacks.

[–] [email protected] 6 points 2 weeks ago (1 children)

The concern is that a compromised device could leak a cert that is then used for attacks.

Yeah. Everyone gets that.

The question was whether this is worth the damage seen in the wild thus far.

And I'm curious too: show me how it's not some market trying to FUD and FOMO us into yet more rigamarole for the sake of security and also sales. Security is rich in "better safe than sorry" snake oil.

Are we trading certs lasting 'too' long, a problem that may not yet exist, for a much harder problem of properly securing the renewal chain?

Are we going to have very secure keys but on code with 181 sploits in the supply chain, that we neither know about nor can fix because of rug-pulled compatibility if we did?

[–] [email protected] 1 points 2 weeks ago (1 children)

You can still use self signed certs. You just can't use it on the public internet.

[–] [email protected] 2 points 2 weeks ago

You can, but it might scare off some of your audience.