Hacker Neue

Preferences
mcpherrinm parent
It makes the system more reliable and more secure for everyone.

I think that's a big win.

The root reason is that revocation is broken, and we need to do better to get the security properties we demand of the Web PKI.

zmmmmm
> It makes the system more reliable

It might in theory but I suspect it's going to make things very very unreliable for quite a while before it (hopefully) gets better. I think probably already a double digit fraction of our infrastructure outages are due to expired certificates.

And because of that it may well tip a whole class of uses back to completely insecure connections because TLS is just "too hard". So I am not sure if it will achieve the "more secure" bit either.

fiddlerwoaroof
It makes systems more reliable and secure for system runners that can leverage automation for whatever reason. For the same reason, it adds a lot of barriers to things like embedded devices, learners, etc. who might not be able to automate TLS checks.
thayne
Putting a manually generated cert on an embedded device is inherently insecure, unless you have complete physical control over the device.

And as mentioned in other comments, the revocation system doesn't really work, and reducing the validity time of certs reduces the risks there.

Unfortunately, there isn't really a good solution for many embedded and local network cases. I think ideally there would be an easy way to add a CA that is trusted for a specific domain, or local ip address, then the device can generate its own certs from a local ca. And/or add trust for a self-signed cert with a longer lifetime.

fiddlerwoaroof
This is a bad definition of security, I think. But you could come up with variations here that would be good enough for most home network use cases. IMO, being able to control the certificate on the device is a crucial consumer right
throwaway2037
Real question: What is the correct way to handle certs on embedded devices? I never thought about it before I read this comment.
steve_gh
There are many embedded devices for which TLS is simply not feasible. For remote sensing, when you are relying on battery power and need to maximise device battery life, then the power budget is critical. Telemetry is the biggest drain on the power budget, so anything that means spending more time with the RF system powered up should be avoided. TLS falls into this category.
dcow
Yes, but the question is about devices that can reasonably run TLS.

The answer is local acme with your router issuing certs for your ULA prefix or “home zone” domain.

2 More Comments →
dd82
And rather than fix the issues with revocation, its being shuffled off to the users.

Good example of enshittification

This item has no comments currently.