The CA/Browser Forum has officially voted to amend the TLS Baseline Requirements to set a schedule for shortening both the lifetime of TLS certificates.
My concern is basically that this forces people to use very expensive cert providers, since it is infeasible to set up and connect and secure an HSM that can do this yourself. And Microsoft and Amazon have tricked the browser forums that their online ones are good enough.
It essentially puts yet another monopoly into the “open” Web. The CA browser forum is a joke at this point and I don’t respect any of the decisions in the last 10 years. They all serve to further centralize and close off the web.
People keep bringing up Let's Encrypt, but it very much cannot issue EV certs. It costs THOUSANDS of dollars to use a service that can auto renew “trusted certs”.
Why do you need EV certs?