from Hacker News

Mandatory short duration TLS certificates are probably coming soon

by aragilar on 4/14/25, 9:45 AM with 23 comments

  • by greatgib on 4/14/25, 1:42 PM

    At this point you can wonder if there is not an hidden agenda, because this push to reduce certificates is excessive regarding the commonality of the issue that is supposed to be solved by that.

    I'm wondering if it is not a push by big tech lobbyists to push everyone to "cloud managed solutions". Because to be clear this makes life harder and more expensive for on prem solutions and device that might not be often online or freely connected to internet. Also, whatever service you will have in the world, you will be bound to be in frequent contacts with a limited number of actors even if only letsencrypt. And most of these actors, like letsencrypt also might be us based and found by whatever US regulation there would be an anytime.

  • by rini17 on 4/14/25, 11:45 AM

    Curious when it stops. Why not require new certificate every day?

  • by junaru on 4/14/25, 12:30 PM

    Why did DNSSEC/DANE not kill CAs? Are browsers being paid by CAs to bundle their root certificates?