[sugarpimpdorsey]

I'm sure those six-day lifetime certificates will work out real nice.

[ocdtrekkie]

I think I am going to become a fan of shorter certificate lifetimes because as soon as the chuckleheads in the CAB truly break the Internet on the level they are pushing for, the sooner we get to discard the entire PKI dumpster fire.

[NooneAtAll3]

what's the alternative to PKI?

[haiku2077]

Certainly something a hell of a lot simpler then x509 - and without assumptions from the 1990s hardcoded into it

[cpach]

Is it really X.509 that is the big “problem”? If so, I fail to see how.

[greyface-]

https://en.wikipedia.org/wiki/Decentralized_identifier

[jtchang]

So basically you trust something because you have a long chain of assurances that you trusted it before? Kinda like certificate pinning.

[dylan604]

no alternative. just eliminate the thing not liked. it's called being DOGEd