The web browser manufacturers and SSL certificate vendors are once again colluding to make Internet a more dangerous and risky place for everyone, while doing nothing at all to address the number one public enemy of safety and security on Internet: client-side scripting. They weren't satisfied with the power grab that reduced maximum validity periods to slightly over one year; they have now ordered that certificates can be valid for no longer than 45 days. The first question, of course, is "who elected them?"
Beyond that, the danger that no one will address is that such short validity periods, as a practical matter, will require almost all web site owners to automate the process of certificate generation and renewal-- in other words, put it into a "black box" that they don't understand and can't control. Automation increases the potential for abuse and exploitation by an order of magnitude, and essentially requires that web site owners cede control of the whole process to a third party, which will be subject to hacking or hijacking for nefarious purposes.
"Oh, no!" the vendors cry out. "We're all buttoned-down, safe and secure." Yeah, right. That's what they all say. Why should we believe that this process will be any more safe and secure than the processes of the innumerable major companies and government agencies that have been hacked over the years? Should Charlie Brown believe that this time Lucy isn't going to pull the ball away so that he falls flat on his back with a big "Whump?" Should Rocky the Flying Squirrel believe that this time, Bullwinkle is actually going to pull a rabbit from his hat? We all know by now that that trick never works, and so it will be with shortened expirations on SSL certificates. This trick won't work either.
Apart from that, 45 days is still more than enough time for criminals to acquire legitimate SSL certificates and abuse them before disappearing into the Ethernet. As it is, criminals routinely register throwaway domain names to be used for perhaps a week before they get discovered, blocked, and shut down. The solution to that, of course, will be one-use certificates that will require an even greater level of control on the part of the SSL vendors.
This also raises a serious question. Once the certificate vendors essentially control Internet, because they'll be able in essence to revoke a certificate instantly simply by not renewing it, and browsers will display an error message if anyone attempts to visit a site with an expired certificate, how do we know that this concentrated power won't be abused? Keep in mind that only the single vendor that issued a certificate needs to let a certificate expire before all browsers will throw an error message onto the screen. How do we know that the government or activist groups won't put pressure on a vendor not to renew a certificate simply because they don't like what someone is saying as opposed to illegal activities being conducted? With shortened expiration periods, blocking can occur even before the web site owner has a chance to post something on the site in protest.
This madness must stop. To that end, I plan to discontinue HTTPS access to all my web sites as soon as their current certificates expire. I do no e-commerce here, nor do I solicit or store any information at all from anyone, much less sensitive information. I doubt that I store anything of value on my web server. It is all public information that I want people to read and access. My Internet radio stations are, again, by their nature, public and available to anyone in the United States. Encrypting them only adds unnecessary overhead and probably slows them down somewhat. Access to my web sites will be limited to HTTP, which will probably cause error messages in browsers, but I'll take my lumps on that one. I'm simply not going to get on the dangerous merry-go-round of 45-day certificate expirations.
You should write to your representatives in Congress to alert them to this danger and ask that laws be passed to require a minimum one-year expiration date on SSL certificates, and also ask that laws against collusion either be enforced or strengthened so that a cabal of tech companies can't shove this sort of nonsense down our throats. Everyone is at risk here, so everyone should be concerned.
Finally, I have absolutely no client-side scripts on my main web server. I can't vouch for how the radio channels work if someone looks at them via a web browser, but one can use VLC to stream them without using a web browser at all. Banning client-side scripts from my web sites keeps them almost bullet-proof and far safer than any site that does use client-side scripting. When the overlords of Internet start working to eliminate client-side scripting-- which is like requiring people to leave all their doors and windows unlocked day and night-- then perhaps I can take them seriously when they start chirping about how secure things are.
Note: No so-called "artificial intelligence" was used to create this hand-crafted Internet web page. The author is a certified, real, live human being.