How modern computing quietly depends on this constantly-maintained layer of trust infrastructure

Well, to be more specific, "modern internet/web". Most of the applications that ran on a Windows XP computers still run on a Windows XP computer without hiccups, unless they do a lot of network connectivity for the functionality.

And no one can even give a concrete answer why root certificates need expiration dates. It's just because reasons.

IMO the whole PKI thing is a terrible idea to begin with. It would make much more sense to tie the trust in TLS to DNS somehow, since the certificates themselves depend on domains anyway. Then you would only have a single root of trust, and that would be your DNS provider (or the root servers). And nothing will expire ever again.

Root certificates need expiration dates for the same reason that LetsEncrypt certs need an expiration date: risk of cert compromise and forgery increases over time.

Over a long enough timeline, there will be vulns discovered in so much of the software that guards the CA certs in RAM

> risk of cert compromise and forgery increases over time.

And what if the certificate is compromised before it expires? Right, there's a revocation mechanism for that. So why expire them then if they can be revoked anyway IF they get compromised?

The reason why domain TLS certificates expire is that domains can change owners. It makes sense that it should not be possible for someone to buy a domain for one year, get a non-expiring TLS certificate issued for it, and then have the ability to MitM its traffic if it ever gets bought by someone else later.

Domain certificates are sent as part of the connection handshake, so them expiring is unnoticeable for the end users. However, root certificates rely on the OS getting updates forever, which is unsustainable. Some systems lack the ability to install user-provided root CAs altogether, and some (Android) do allow it but treat them as second-class.

Because the most dangerous secret is one that has been compromised and you don’t know it. This sets a time limit for their usefulness. Sometimes the stories about terrible default choices that are insecure sink in and architects choose a better path.

Also, details about the certs and the standards for them change over time. This makes it easier for the browser venders (via the CA forum) to force cert providers to update over time.

You're talking about it like they change by the force of nature, not because humans change them.

The revocation mechanism is basically just a list of revoked certificates. Without expiration dates, those lists will grow infinitely.

The instant we bound encrypted connections with identity we failed. And decades later we're still living with the mistake.

I'm completely serious when we need to abandon the ID verification part of certificates. That's an entirely separate problem from encryption protocol. An encryption protocol needs absolutely no expiration date, it's useful until it's broken, and no one can predict that. Identity should be verified in a separate path.

Certificates need expiration dates to be able to garbage collect certificate revocation lists.

Do certificate revocation lists need to keep including certificates that have long since expired? I don't see why root certificates need to expire as long as the certificates signed by those roots all have reasonable expiration windows, unless someone is doing something strange about trusting formerly-valid certificates, or not checking root certificates against revocation lists.

Right, because DNS entries never expire.

Of course they do, they have to. But it's okay for things that are sent to you over the network to expire. It's not okay for things built into your potentially abandoned OS to expire.

> Of course they do, they have to.

Why do they have to?

(This will also tell you why certs in your OS need to expire.)

Because domains change owners.

https://news.ycombinator.com/item?id=47074127

More specifically: because they cannot be revoked, they need to expire. Same with root certs.

> The keychain system is so hidden from users it was hard to even get to for myself.

These days, keychain access is under /System/Library/Core Services/Applications/Keychain Access.app. That's not intuitive, but, once you know it's there, it's not hard to navigate to it. Was it different under older versions?

Apple moved it there in macOS Sequoia, from Utilities, because they were worried it would be confused with the Passwords app. Apple reminds you that you're actually looking for the Passwords app at every turn:

  Tip: You can find all your passwords, passkeys, and verification codes in the Passwords app on your Mac.

https://support.apple.com/guide/keychain-access/what-is-keyc...

command-space... type "keychain access"

> The updates are over https. The default certificates are 10year expiry.

I wish I knew this last week while trying to restore a 2010 21" iMac.

Apart from this, I encountered another annoyance mid-way; the official download urls for Sierra and High Sierra were nowhere to be found. I somewhat remember being able to download the official dmg/disk image from some official repository, probably some App store public url?

can look for macos downloader scripts in github. I noticed the readme here shares some URLs though I'm not sure if they still work https://github.com/Comp-Labs/Download-macOS

https://github.com/chris1111/Download_Install_macOS could also be another option.

I know I used one of the macos downloaders from github before, I just forget which one though.

Thanks!

If you have High Sierra on USB, it installs just fine. You need a High Sierra machine to make the USB stick, but once you have one, its simple to reinstall.