sueden.social ist einer von vielen unabhängigen Mastodon-Servern, mit dem du dich im Fediverse beteiligen kannst.
Eine Community für alle, die sich dem Süden hingezogen fühlen. Wir können alles außer Hochdeutsch.

Serverstatistik:

2 Tsd.
aktive Profile

#TLS

5 Beiträge5 Beteiligte0 Beiträge heute

Experience sessions like this live at SharkFest'25 US, happening June 14–19 in Richmond, VA. Join industry experts and fellow enthusiasts for hands-on labs, in-depth lectures, and unparalleled networking opportunities.​

youtube.com/watch?v=Cq6yj9se9M

Secure your spot today: sharkfest.wireshark.org/sfus

Ooh, what’s this?… Look Over There!
(With apologies to Jaida Essence Hall)

So the little app I teased earlier is ready and deployed and I have our own instance running at:

look-over-there.small-web.org

Look Over There! lets you forward multiple domains to different URLs with full HTTPS support.

Why?

We have a number of older sites that are becoming a chore/expensive to maintain and yet I don’t want to break the web. So I thought, hey, I’ll just use the “url forwarding” feature of my domain registrar to forward them to their archived versions on archive.org.

Ah, not so fast, young cricket… seems some domain registrars’ implementations of this feature do not work if the domain being forwarded is accessed via HTTPS (yes, in 2025).

So, given Kitten¹ uses Auto Encrypt² to automatically provision Let’s Encrypt certificates, I added a domain forwarding feature to it and created Look Over There! as a friendly/simple app that provides a visual interface to it.

To see it in action, hit cleanuptheweb.org and you should get forwarded to the archived version of it on archive.org. I’m going to be adding more of our sites to the list in the coming days as part of an effort to reduce my maintenance load and cut down our expenses at Small Technology Foundation.

Since it’s Small Web, this particular instance is just for us. However, you can run your own copy on a VPS (or even a little single-board computer at home, etc.) A link to the source code repository is on the site. Once Domain³ is ready for use (later this year 🤞), setting up your own instance of a Small Web app at your own server will take less than a minute.

I hope this little tool, along with the 404→307 (evergreen web) technique⁴, helps us to nurture an evergreen web and avoid link rot. (And the source code, as little as there is because Kitten does so much for you, is a good resource if you want to learn about Kitten’s new class-based component and page model which I haven’t yet had a chance to properly document.)

Enjoy!

:kitten:💕

¹ kitten.small-web.org
² codeberg.org/small-tech/auto-e
³ codeberg.org/domain/app
4042307.org

happened early April, but worth sharing. Certs will only have 47 days of validity by 2029. validity lengths will progressively get shorter from march 2026 until then. Reusing domain validation material will be limited to 10 days.

IMO this is a very good thing.

this is diff to the very short validity certs that can be issued now. Lets Encrypt will offer 6 day certs by end of yr

github.com/cabforum/servercert

Dass es im Jahr 2025 immer noch Firmen gibt, die mit "Deine Daten werden verschlüsselt per SSL übertragen." oder ähnlichem werben, um irgendwie Sicherheit zu suggerieren ... ich hoffe doch sehr stark, dass die Übertragung NICHT per SSL erfolgt, sondern per TLS.

digicert.com/blog/tls-certific

The CA/Browser Forum has officially voted to amend the TLS Baseline Requirements to set a schedule for shortening both the lifetime of TLS certificates.

The maximum certificate lifetime is going down:

- As of March 15, 2026, the maximum lifetime for a TLS certificate will be 200 days.
- As of March 15, 2027, the maximum lifetime for a TLS certificate will be 100 days.
- As of March 15, 2029, the maximum lifetime for a TLS certificate will be 47 days.

www.digicert.comTLS Certificate Lifetimes Will Officially Reduce to 47 DaysThe CA/Browser Forum has officially voted to amend the TLS Baseline Requirements to set a schedule for shortening both the lifetime of TLS certificates.

Nur noch 47 Tage:

#Gültigkeit von #TLS - #Zertifikaten wird drastisch verkürzt

Ab 2029 dürfen #TLS-Zertifikate statt 398 nur noch höchstens 47 Tage lang gültig sein. Der von #Apple eingereichte Vorschlag hat breite Zustimmung erhalten.

Das #CA / #Browser #Forum hat beschlossen, die maximale Gültigkeitsdauer digitaler Zertifikate für den verschlüsselten Datenaustausch via #SSL / #TLS von aktuell 398 auf deutlich geringere 47 Tage zu reduzieren.

golem.de/news/nur-noch-47-tage

Golem.de · Nur noch 47 Tage: Gültigkeit von TLS-Zertifikaten wird drastisch verkürzt - Golem.deVon Marc Stöckel

So it's official: TLS certificate lifetimes will reduce from the current max of 398 days to:
* 200 days in March 2026
* 100 days in March 2027
* 47 days in March 2029

For web servers/proxies etc. it's reasonably simple, at least for smaller orgs but for e.g. network kit it might be more of a challenge. Having a timeframe to aim at definitely focusses the mind!

Via @riskybiz / risky.biz/risky-bulletin-ca-b-

risky.bizRisky Bulletin: CA/B Forum approves 47-days TLS certs - Risky Business MediaThe CA/Browser Forum passed a ballot to reduce the maximum validity of TLS certificates from the current 398 days to just 47 days by 2029. [Read More]
#TLS#PKI#InfoSec
Fortgeführter Thread

Specific schedule:

March 15, 2026 - Cert validity (and Domain Control Validation) limited to 200 days.
March 15, 2027 - Cert validity (and Domain Control Validation) limited to 100 days.
March 15, 2029 - Cert validity limited to 47 days and Domain Control Validation limited to 10 days.

There's gonna be a lot of complaints about this in change control meetings over the next year200 days.