{"id":28381,"date":"2020-03-12T16:30:05","date_gmt":"2020-03-12T20:30:05","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=28381"},"modified":"2020-03-12T16:53:10","modified_gmt":"2020-03-12T20:53:10","slug":"tls-increasingly-exists-in-three-different-worlds","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2020\/03\/12\/tls-increasingly-exists-in-three-different-worlds\/","title":{"rendered":"TLS Increasingly Exists in Three Different Worlds"},"content":{"rendered":"

Chris Siebenmann<\/a>:<\/p>\n

\n

The first world is web TLS<\/em>, which is dominated by browsers. This\nis the familiar world of public HTTPS, with public Certificate\nAuthorities, requirements for certificate transparency, and so on.\nThe browsers increasingly are calling the shots here and they’re\npushing for things like short certificate lifetimes, aggressively\nmoving away from old TLS versions, and so on.<\/p>\n

[…]<\/p>\n

The second is non-web public TLS<\/em>, where TLS is used for protocols\nlike IMAP, SMTP (with STARTTLS), and so on. This world still uses\npublic CAs, but it has a lot more old clients and servers and is a\nlot slower to deprecate old TLS and SSL versions, move to shorter\ncertificate lifetimes, and so on.<\/p>\n

[…]<\/p>\n

The third world is internal TLS<\/em>, where TLS is used inside an\norganization or a service to encrypt connections and often to\nauthenticate them (and sometimes it’s used between organizations).<\/p>\n<\/blockquote>\n\n

Previously:<\/p>\n