Really great analysis. Always cool to see the divide between PKI in theory and practice.
It does make me wonder if the zealous pursuit of shorter expirations has gone too far, especially up at the root. Is there good public discussion on root expiration? Seems to mostly come up when old devices get bricked because of it. Certainly 15 year expirations are not a substitute for extremely strict root key management or root key revocation.
> Is there good public discussion on root expiration?
Haven't seen a specific one but I guess the most relevant public discussion on root CA-led device bricking issues might have occurred around the time when DST Root CA X3 (naturally) expired - that's around September '24: https://letsencrypt.org/2023/07/10/cross-sign-expiration.htm...
I personally believe most issues blocking old device reuse can be solved by manufacturers returning the root permission back to users, so that users can install modded systems with up-to-date stuff. However, it's a pity that manufacturers aren't willing to do it, as it hurts their interest in selling new devices. Will laws on "right to repair" work? Time will tell.
It's even worse: based on "orange iPhone" they just bought an iPhone 17. So they'll skip the next two iPhones and be back in 2028? Sounds like a standard upgrade cycle.
I (perhaps naively) still believe that communities can successfully curate human writing. While there's lots of AI slop that gets posted on HN, for instance, the amount of thoughtful human content seems well above the base rate.
You are not alone and fuck all the people that say that everything is doomed and that there's no way to still have a good internet full of wonderful content made by people.
This (as previously posted) is one of my few Favorite posts on HN. Half because of how awesome it is, and half because I can never remember what it’s called.
CAIDA is doubtless a gold standard. One thing to note, however, is that the same vantage point avoidance issue applies even more to publicly-documented vantage points. In fact, it was concerns specifically about adversarial avoidance of academic telescopes that led to our research at UW-Madison and eventually to Terrace.
When looking at telescope data like CAIDA’s UCSD-NT, it’s also important to remember that source IPs can be spoofed absent a valid handshake, something that both our and GreyNoise’s analysis accounts for.
Surprisingly, measuring legitimate Telnet usage may be even harder than measuring attacks! Getting representative metrics of benign src-dst endpoint pairs while controlling neither approaches impossibility, especially since at global scale it'd be mixed with (I suspect) orders of magnitude more attack traffic. Best you could probably do is measure on a clean-ish ISP like a university network.
We cannot know for certain what the root cause is. However, honeypot fingerprinting is a well-known risk for any vantage point, particularly a high-profile one.