Comment by ocdtrekkie
2 days ago
I think I am going to become a fan of shorter certificate lifetimes because as soon as the chuckleheads in the CAB truly break the Internet on the level they are pushing for, the sooner we get to discard the entire PKI dumpster fire.
what's the alternative to PKI?
Certainly something a hell of a lot simpler than x509 - and without assumptions from the 1990s hardcoded into it
Is it really X.509 that is the big “problem”? If so, I fail to see how.
https://en.wikipedia.org/wiki/Decentralized_identifier
So basically you trust something because you have a long chain of assurances that you trusted it before? Kinda like certificate pinning.
no alternative. just eliminate the thing not liked. it's called being DOGEd