[kuschku]

They won’t ever offer > 90 days, but certificate lengths of about a day would certainly be interesting. I’d certainly switch to 24h valid certificates as soon as possible.

Ideally even separate certs for every subdomain, but as Let’s Encrypt has cert limits, and I want to avoid SNI in the future, I’ll probably have to use wildcard certs.

[toast0]

I don't trust client clocks (or x.509 not before checking) enough to use certs until they've aged at least a couple days; a week is best, if I can manage. 24 hour validity would shut out a lot of people with computers or phones that can't keep time (or choose not to)

[tialaramex]

Certificates are usually issued back-dated by one hour. Most clients on the Internet are correct +/- 60 minutes, because of a mixture of small timezone errors, daylight saving being wrongly observed / not observed / not updated and similar. It is rare for clients to have the wrong date.

Back dating with a technical rationale (e.g. to work around crap clocks and historically as a way to hide more entropy near the start of the signed certificate) is accepted in the Web PKI, it is only forbidden to use back dating to try to dodge Baseline Requirements, for example back dating to avoid the restriction on SHA-1 after 2015 was prohibited and is one of the things StartCom / WoSign were caught doing.

[icebraining]

Curious, why do you want to avoid SNI?

[kuschku]

Basically, I am against SNIs today's implementation, and want to allow people who disable it to visit my sites.

SNI transmits the host unencrypted, that is a real security issue.

[jsmthrowaway]

In what sense? An attacker can already see the endpoints of a TLS conversation, and worrying about hostname disclosure is security through obscurity; the client already divulged the destination hostname with a probably-cleartext DNS query, too. Not worth worrying about. SNI is fine. If hostname disclosure is a security threat, the system needs rearchitecture.

Systems that hostname their customers (mycompany.example.com) should use wildcards for that scenario instead of SNI, among other reasons. That’s the only possible concern I can imagine.

[jakupovic]

Wildcard certs work only 1 level deep. If you introduce regions and stages or other dimensions you would need multiple wildcard certs to cover e.g. SVCa.teama.region.example.com

Multi domain certs help but then you need to encode all the names ahead of time and if you miss a name you need to reissue and reapply the cert.

[captncraig]

Do you own a huge block of IPs or something? We have a massive monster cert in order to support non sni on a single ip. I hate it.

[kuschku]

That wouldn't avoid the issue, actually — I need to put a dozen domains in the same IP space with one cert to get this security property.

Otherwise an adversary could simply see what IPs you connect to and reverse DNS them.

[icebraining]

Thanks for answering!