F-Droid site certificate expired

80 points · kxxt · 33 comments · 8/31/2025, 12:16:00 PM · gitlab.com

Comments (33)

mysteria · 2h ago
Their CF mirror is still up.

https://cloudflare.f-droid.org/

rig666 · 1h ago
I was just trying to learn how to use fdroidcl last night on Termux and kept running into this error. I thought I was doing something wrong.
kelvinjps10 · 2h ago
Idk if it's related, but this week when I tried to use F-Droid on my phone it wouldn't resolve; I had to reinstall the app.
Bender · 4h ago
> Licaon_Kter (@licaon-kter, Maintainer, 4 hours ago): Looks like while we have new certificates ( https://monitor.f-droid.org/services/tls-certs ) rotation failed. :(

They acknowledge rotation failed but it is still failing [1]. Perhaps something to do with how certs are rotated on their CDN?

[1] - https://www.ssllabs.com/ssltest/analyze.html?d=f%2ddroid.org...

qingcharles · 33m ago
Fixed now.
tiahura · 2h ago
Perfect timing.
NewJazz · 2h ago
Imperfect timing
gethly · 3h ago
Because those ephemeral LE certificates are such a great idea...
shaky-carrousel · 2h ago
It is, if your objective is to closely centralize the web. If you make https mandatory, via scare tactics, only people with certificates will have websites. If you make ephemeral certificates mandatory by taking advantage of a monopoly, then only big SSL providers who can afford it will survive.

Then, when you have only two or three big SSL providers, it's way easier to shut someone off by denying them a certificate, and see their site vanish in mere weeks.

tgsovlerkhgsel · 49m ago
Meanwhile, in the real world:

- We went from the vast majority of traffic being unencrypted, allowing any passive attacker (from nation state to script kiddie sitting in the coffee shop) to snoop and any active attacker to trivially tamper with it, to all but a vanishing minority of connections being strongly encrypted. The scare tactics used to sell VPNs in YouTube ads used to all be true, and no longer are, due to this.

- We went from TLS certificates being unaffordable to hobbyists to TLS certificates being not only free, but trivial to automatically obtain.

- We went from a CA ecosystem where only commercial alternatives exist to one where the main CA is a nonprofit run by a foundation consisting mostly of strong proponents of Internet freedom.

- Even if you count ZeroSSL and Let's Encrypt as US-controlled, there is at least one free non-US alternative using the same protocol, i.e. suitable as a drop-in replacement (https://www.actalis.com/subscription).

- Plenty of other paid but affordable alternatives exist from countless countries, and the ecosystem seems to be getting better, not worse.

- While many other paths have been used to attempt to censor web sites, I haven't seen the certificate system used for this frequently (I'm sure there are individual court orders somewhere).

- If the US wanted to put its full weight behind getting a site off the Internet, it would have other levers that would be equally or more effective.

- Most Internet freedom advocates recognize that the migration to HTTPS was a really, really good thing.

justsomehnguy · 42m ago
Meanwhile, in the real world:

- We now provide completely free certs for malicious web sites

- Degraded encryption value so much it's not even indicated anymore (remember the green bar for EV?)

- Pavlov-trained everyone to dumb-click through 'this page is not secure' warnings

- SNI exists and even without it anything not on CDN is blocked very easily

nozzlegear · 8m ago
> Pavlov-trained everyone to dumb-click through 'this page is not secure' warnings

Do we have any statistics for how many people are actually doing this? Such warnings are so rare in my experience that, by default, I don't trust a site that has no SSL/expired or invalid certs and won't click through if I see that warning.

prmoustache · 23m ago
What is stupid is not to provide free certs for malicious web sites; what was stupid was telling people for years that they would be safe and could trust a website only because there was a lock icon in the URL bar.
lukeschlather · 27m ago
The only one of those things that is the fault of ACME is the first one, and are you really suggesting between that and your second bullet point that we should charge money for encryption so that people value it more? Encryption is free so people do it more. Paying money doesn't actually make people trustworthy. (Though you can totally charge people to prove they aren't malicious, but if you want to do that, why tie it to encryption? Encrypt regardless.)
ocdtrekkie · 18m ago
> Paying money doesn't actually make people trustworthy.

This is fundamentally a naive understanding of both security and certificates. Paying money absolutely makes people trustworthy because it's prohibitive to do it at scale. You might have one paid malicious certificate but you can have thousands of free ones. The one malicious domain gets banned, the thousands are whack-a-mole forever.

Further, certificates used to indicate identity in more than a "the domain you are connected to" sense. There was a big PR campaign to wreck EV certs but EV certs generally were extremely secure. And even Google, who most loudly complained about EV, has reintroduced the Verified Mark Certificate (VMC) to replace it and use for new things like BIMI.

crazygringo · 2h ago
You don't need short expirations for that. CRLs/OCSP already provided a mechanism for certificates to be revoked before they expire.

However, short expirations severely limit the damage an attacker can do if they steal your private key.

And they avoid the situations where an organization simply forgets to renew a cert, because automating something so infrequent is genuinely difficult from an organizational standpoint. Employees leave, calendar reminders go missing, and yeah.
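The failure mode described in this comment and at the top of the thread (a fresh certificate exists, but the one actually served keeps counting down to zero) is caught by monitoring the served certificate's notAfter rather than the renewal job. The script below is an added example and is not F-Droid's tooling or the monitor page linked above; the host names and the `SAMPLE_CERTS` dictionary are constructed for illustration, and the 14-day threshold is an assumption.

```python
"""Served-certificate expiry monitor (added example, Python stdlib only).

classify_expiry() works offline on the notAfter string that ssl.getpeercert()
returns; check_host() performs the live TLS connection.  A certificate that was
reissued but never rotated onto the server shows up as the *served* notAfter
drifting toward zero even though a fresh certificate sits unused on disk.
"""
import socket
import ssl
from datetime import datetime, timezone

# Renewal threshold, in days (assumed value).  90-day ACME certs are usually
# renewed at 60 days; alerting at 14 leaves time to repair a failed rotation.
WARN_DAYS = 14


def classify_expiry(not_after: str, now: datetime,
                    warn_days: int = WARN_DAYS) -> tuple[str, float]:
    """Return (status, days_left) for a getpeercert()-style notAfter string.

    not_after uses the format ssl.getpeercert() emits, e.g.
    'Aug 31 12:16:00 2025 GMT'.  status is 'expired', 'renew' or 'ok'.
    """
    expiry_ts = ssl.cert_time_to_seconds(not_after)  # stdlib parser for this format
    days_left = (expiry_ts - now.timestamp()) / 86400
    if days_left <= 0:
        return "expired", days_left
    if days_left <= warn_days:
        return "renew", days_left
    return "ok", days_left


def check_host(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Live check of the certificate a server actually serves.

    With a default (verifying) context an expired or otherwise invalid chain
    raises SSLCertVerificationError; we report that reason as-is, since it is
    the same failure a browser or SSL Labs would show.  Only when verification
    succeeds do we get the parsed certificate and classify its notAfter.
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as e:
        return {"host": host, "status": "verify_failed", "reason": e.verify_message}
    except (OSError, ssl.SSLError) as e:
        return {"host": host, "status": "unreachable", "reason": str(e)}
    status, days_left = classify_expiry(cert["notAfter"], datetime.now(timezone.utc))
    return {"host": host, "status": status, "days_left": round(days_left, 1),
            "serial": cert.get("serialNumber"), "not_after": cert["notAfter"]}


# Constructed samples in getpeercert() shape; these are not real certificates.
SAMPLE_CERTS = {
    "expired.example": {"notAfter": "Aug 31 12:16:00 2025 GMT"},
    "renew.example":   {"notAfter": "Sep 10 00:00:00 2025 GMT"},
    "fresh.example":   {"notAfter": "Nov 29 00:00:00 2025 GMT"},
}
# Fixed clock for the offline run: shortly after the thread's timestamp.
NOW = datetime(2025, 8, 31, 13, 0, tzinfo=timezone.utc)


def run_sample(now: datetime = NOW) -> dict:
    """Classify every constructed sample; returns {host: status}."""
    return {host: classify_expiry(c["notAfter"], now)[0]
            for host, c in SAMPLE_CERTS.items()}


if __name__ == "__main__":
    for host, status in run_sample().items():
        print(f"{host:20s} {status}")
    # Live use: print(check_host("f-droid.org"))
```

Run it from cron and alert on anything other than `ok`; because the check reads what the server presents rather than what the renewal job wrote, a successful renewal followed by a failed deploy still trips the `renew` state well before the certificate expires.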

m-p-3 · 1h ago
CRLs are becoming bulky, and OCSP has some privacy implications (telling the CA which websites you visit); plus most browsers are set to soft-fail if there's an outage and the request can't be made, instead of hard-failing and making the website inaccessible, which reduces the security and usefulness of OCSP.

Short-lived certificates fix these issues from an end-user standpoint.

ozim · 1h ago
There are new solutions for CRL just last month:

https://hacks.mozilla.org/2025/08/crlite-fast-private-and-co...

crazygringo · 1h ago
Yup. If your primary goal was fast, efficient certificate revocation, then having certs that still take 90 days to expire rather than 2 years is not the solution you'd come up with.

CRLite updates every 12 hours.

aaomidi · 1h ago
This has existed for a while. It doesn’t address another major issue with revocation: user agents that aren’t browsers don’t implement it.
kxxt · 2h ago
It's because CRLs/OCSP sucks so now short expiration is rolling out.
ozim · 1h ago
CRL doesn’t suck it is just not easy problem on web scale.

But seems like there is feasible solution: https://hacks.mozilla.org/2025/08/crlite-fast-private-and-co...

aaomidi · 1h ago
AKA they suck in this context
tgsovlerkhgsel · 1h ago
CRL/OCSP had limited effect in practice. A revoked certificate would, if I remember correctly, continue to be accepted by many if not most browsers (by market share).
KetoManx64 · 2h ago
Great explanation and very apt for our time, when we regularly hear of people being banned/debanked/jailed for their political views in western countries.
octoberfranklin · 42m ago
Yeah WebPKI is basically perfectly designed to facilitate deplatforming.
jffry · 3h ago
Certainly with yearlong or multi year certs nobody of note ever forgot to renew them, right? https://hn.algolia.com/?dateEnd=1416268800&dateRange=custom&...
01HNNWZ0MV43FF · 2h ago
They are. Unbreakable crypto for free, your clients don't have to exchange keys with you in person, and the only cost is running a script on a server that has to run automated code all day anyway
aaomidi · 1h ago
Running basic automation to keep your certificates renewed is not difficult. I do this on my toy website and it’s been working without me touching it since before the pandemic.
hkt · 2h ago
DANE would be better than LE, but weirdly the massive companies building browsers don't want to provide support. Spooky!

https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Na...

0xbadcafebee · 1h ago
DANE is not a good idea. It makes DNS the CA. DNS doesn't have any stringent security requirements in its design or operation, as CAs do. It depends on a problematic protocol (that, among other things, limits the ability to deal with different operational and failure modes). And just because a nameserver provides a record doesn't mean an authorized domain owner wanted that record to be an authorized secure transport. (Not to mention, it would force people to choose domain TLDs based on political positions, rather than, say, a desire for an easy-to-remember name.)

It's weak security and introduces more problems than it solves. If we're going to get rid of CAs, we should consider a better solution, not a worse one.

aaomidi · 1h ago
You’re just moving your root of trust to DNS then?

With certificates we’re doing multi perspective validation.

DNS root of trust is silly. DNSSEC is not a proper root of trust

ocdtrekkie · 13m ago
DNS is already the root of trust, certificates are domain-validated. We currently just depend on both DNS and an unelected group of random companies Google has decided jump through their arbitrary hoops often enough.