alt Hacker NewsCertification Authority/Browser Forum adopts new security standards
Comments
Glad to see DNS validation from multiple perspectives, that's a scary attack vector.
I wonder if we can ever hope for CA/B to permit name constrained, short lifespan, automatically issued intermediate CAs, authenticated with something like a DNS-01 challenge. I've advocated for this before [1][2], but here's my pitch again:
I want to issue certificates from my own ICA for my homelab and office, to avoid ratelimits and hide hostnames for private services. I submit that issuing a 90-day ICA certificate with a name constraint that only allows it to issue certificates for the specific domain is no more dangerous than issuing a wildcard certificate, and offers enough utility that it should be considered seriously.
Objection 1: "Just use a wildcard cert." Wildcard certs are not sufficient here because they don't support nested wildcards, and — more importantly — they don't allow you to isolate hosts since any host can serve all subdomains. I'd rather not give some rando vibecoded nodejs app the same certificate that I use to handle auth.
Objection 2: "Just install a self-signed CA on all your devices." Installing and managing self-signed CAs on every device is tedious, error prone, and arguably more dangerous than issuing a 90-day name-constrained ICA.
Objection 3: "Aren't name constraints not supported by all clients?" On the contrary, they've had wide support for almost a decade, and for those just set the critical bit.
I understand this is not a "just ship it lmao" kind of change, but if we want this by 2030 planning for it needs to start happening now.
Notably, I think LetsEncrypt has been MPIC for some time now.
How will this impact self-signed local certificates? Can we still use a five-year lifespan on those or do we need to reduce it to <398 days?
What does this mean for CAs that issue certs for completely internal corporate DNS?
Does this mean the corporations have to reveal all their internal DNS and sites to the public (or at least the CA) and let them do DV, if they want certs issued for their wholly-internal domains that will be valid in normal browsers?
Cheaper code-signing certs would be great. I don't like how the CA/B is so focused on TLS only. PKI is a slightly wider landscape. I sincerely hope PKI-centric code and package signing makes its way to the Linux world where most influential people in these discussions live, so they can appreciate the importance of having a "letsencrypt" for other types of PKI usage like S/MIME and Authenticode.