Hacker News new | past | comments | ask | show | jobs | submit login

As you note, we already have a system that uses more appropriate cryptography (than a PAKE) to solve this: FIDO.

You've lost me at mTLS here. At some point it starts to feel like we're advocating for security protocols just so we can fit them all in somewhere.




That was a bit tongue-in-cheek, sorry. I've worked in mTLS shops and it's definitely not practical for the public Internet.

Ultimately, I think the practical solution to homoglyphs is in the presentation layer, whether it be displaying different scripts in different ways, warning when scripts are mixed, or some other kind of UX rather than protocol change. The only protocol change I can think of to address them would be to go back to ASCII only (and even that is more of a presentation issue since IDNs are just Punycode).


mTLS is going to be a problem soon, arguably bigger than this lifetime reduction. Most server certs today have clientAuth EKU and can be used for mTLS. That stops next year.


It took me awhile to dig up evidence for this, but the closest I can find is that subordinate CA certificates will no longer be allowed to have id-kp-clientAuth EKU [1], however this restriction does not apply to leaf certificates.

[1]: https://googlechrome.github.io/chromerootprogram/#321-applic...


It applies to leaf certs too. (Full disclosure - I work in the industry, so know this well). After June 15th, 2026 - no leaf certs with serverAuth and clientAuth. Mind you, client authentication with public certificates is a bad idea anyway, but I appreciate many people do and it's just been 'the way' for many years. This is why I think it's going to hurt if folks don't realise soon and start to plan.

reply


I cannot find any hard evidence of this claim -- I don't have reason to believe you're making it up, but I also would expect this change to be more widely announced. The best I can find is some discussion by Let's Encrypt staff that the roots want to stop issuing clientAuth-enabled leaf certificates eventually. However, there haven't been any hard timelines established because (at least) some mail servers in particular are using ___domain-validated public certificates for opportunistic mTLS.

I've scoured the CA/Browser Forum BRs and ballots, Chrome Root Store policies, and CCADB policies, and can't find mention of this coming restriction.

reply


It's a Chrome policy: https://googlechrome.github.io/chromerootprogram/ 3.2.1 (item 2).

In case it helps - am the CTO of a large CA, so (un)fortunately aware of what's happening and when.

reply


Wow, I completely missed bullet 2. It's quite clear:

    All corresponding unexpired and unrevoked subscriber (i.e., TLS server authentication) certificates issued on or after June 15, 2026 MUST include the extendedKeyUsage extension and only assert an extendedKeyUsage purpose of id-kp-serverAuth.
Thanks!

reply




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: