Don't lower cert times also get people to trust certs that were created just for their session to MITM them?
That is the next step in nation state tapping of the internet.
Don't lower cert times also get people to trust certs that were created just for their session to MITM them?
That is the next step in nation state tapping of the internet.
I don't see why it would; the same basic requirements around CT apply regardless of certificate longevity. Any CA caught enabling this kind of MITM would be subject to expedient removal from browser root programs, but with the added benefit that their malfeasance would be self-healing over a much shorter period than was traditionally allowed.
lol no? lower cert times still extend the root certificates that are already trusted. It is not a noticeable thing when browsing the web as a user.
A MITM cert would need to be manually trusted, which is a completely different thing.
I think their point is that a hypothetical connection-specific cert would make it difficult/impossible to compare your cert with anybody else to be able to find out that it happened. A CA could be backdoored but only “tapped” for some high-value target to diminish the chance of burning the access.
> I think their point is that a hypothetical connection-specific cert would make it difficult/impossible to compare your cert with anybody else to be able to find out that it happened.
This is already the case; CT doesn't rely on your specific served cert being comparable with others, but all certs for a domain being monitorable and auditable.
(This does, however, point to a current problem: more companies should be monitoring CT than are currently.)
Well, the cert can still be compared to what's in the CT Log for this purpose.
Yes, precisely.