We are aiming for that with Caddy. Starting with internal PKI. Caddy already has a built-in CA and ACME server, so it's just a matter of setting the lifetime to be very, very short.
However, ultimately this will require TLS clients to implement proper support. For example, we already see problems in some web browsers where their TLS logic doesn't account for short lifetimes (like < 1 hour) and so page navs result in security errors because the cert has expired when actually all they have to do is renegotiate the TLS connection. It's debatable whether a cert needs to stay valid through the entire connection lifetime or just for establishing the connection.
There is a performance penalty of doing this, of course, but for certain use cases it's acceptable.
Short certificate lifetimes (e.g. 1 hour) is not valid-for-a-single-request as the GP asked.
I'm having a real hard time wrapping my head around how Public Key Infrastructure could co-exist with every public key being a nonce. I'm not confident that it is impossible, but GP's question seems like an interesting theoretical/categorical question more than a hyperbolic "how short can lifetimes go?".
1 hour lifetimes sounds incredibly complicated to orchestrate on a practical level. Do you use a lot of short-lived ephemeral hosts (e.g. a swarm of docker images)? I'm not sure how 1 hour lifetimes wouldn't cause systemwide chaos in what I consider a "typical" microservice architecture.
> Short certificate lifetimes (e.g. 1 hour) is not valid-for-a-single-request as the GP asked.
I'm aware :)
Don't get hung up on the 1 hour figure. All I'm saying is that we already do < 1 hour quite often, and it doesn't work well because clients don't handle it well. I wasn't saying 1 hour is how you do ephemeral certs.
Caddy is capable of second-long certs if needed. With our current logic, it's easy enough to turn off certificate management and just make the certs ephemeral.
He's pretty typical, honestly. There is a very large contingent of people who think exactly like he does. 10 years ago, he might be fairly cast as an outlier. Not anymore.
And then theres this faux-centrist meta hatred of strong opinions, and a general malaise of false equivalence. The Democrats and the Republicans are not the same.
There is demonstrably one party that pushes a heavily moderate corporatist populist agenda and one party that pushes radical christian nationalist policies which a majority of the population is not in favor of, from a heavily gerrymandered and structurally unfair (the Dakotas have the same number of Senators as NY and CA, f.x.) political position carefully engineered since the advent of the Southern Strategy.
Now, im not making a statement of 'correctness' vis a vis one side or the other, but if youre a woman or a person of color or queer in this country, The GOP policy platform is inherently hostile to your continued free existence.
The hatred is flowing mostly from the right, and being enacted into law.
Yes, we have a conservative party and a criminal party. We don't have a true progressive party. We are in the period of the cycle where political parties shift. As the Democratic-Republican party, Federalist party, Whig, Copperheads, Bull Moose, Know-Nothing, and others all got relegated to the dust bin of history, it is time for the political grounds to shift again.
> And then theres this faux-centrist meta hatred of strong opinions
I suspect you're conflating "hatred of strong opinions" with "hatred of people who prioritize their own radical ideology over the good of their country". I don't think many people hate strong opinions.
> and a general malaise of false equivalence. The Democrats and the Republicans are not the same.
No, but partisans are the same in that they both are willing to sacrifice the good of the country to see the other side lose on some token issue or another (pronouns, trans bathroom policies, etc).
> pushes radical christian nationalist policies which a majority of the population
No parties are pushing "Christian nationalist" policies. Whatever your position on abortion, banning it isn't "Christian nationalism". It's not an unreasonable position that human life (and thus human rights) begins before birth. There are some more extreme positions that are unpopular and hard to defend which the right pushes for (prohibiting abortions even when pregnancies are unviable or threaten the life of the mother) but there are also positions that are unpopular and hard to defend that the left pushes for (elective late term abortions).
> from a heavily gerrymandered and structurally unfair (the Dakotas have the same number of Senators as NY and CA, f.x.)
I think this is eminently fair, and without this the Dakotas would be steamrolled by the likes of NY and CA. Policies that make sense in NYC (restrictions on single family housing, car transportation, gun ownership, etc) would be forced on the rural states because they would be too irrelevant to worry about (why take the time to make sure policies work for the Dakotas when they are politically irrelevant?).
> Now, im not making a statement of 'correctness' vis a vis one side or the other, but if youre a woman or a person of color or queer in this country, The GOP policy platform is inherently hostile to your continued free existence.
I think this is patently absurd--I'm not a Republican nor have I ever voted for a Republican. However, it's not "hostile to people of color" for the GOP to stand with 80% of black Americans in opposition to de-policing policies which have driven the last decade's violent crime surge (which has disproportionately impacted black communities). Similarly, it's not "hostile to queer people" to pass a law which prohibits teaching sexuality ideology (whether left-wing gender ideology or "christian nationalist" ideology).
This is precisely the problem with partisan politics--any attempt to improve the country that falls outside of your narrow ideology is defined in the worst terms ("if you don't support police abolition you're a genocidal white supremacist!", "if you support enforcing immigration policies, you're literally Hitler!", "if you think late term abortions should be illegal, you're a 'Christian nationalist' that hates women"). This is precisely the kind of extremist hatred that is swelling the ranks of the right.
