Why Google Is Generating R3 Certs?

hpws · July 3, 2021, 5:13am

@griffin sorry what , Its saturday Afternoon here . LOL
Time zones again .
I am patient no worries || with you

rg305 · July 3, 2021, 5:22am

I don't suppose they will ever renew them... So maybe not as wasteful as one might think.
And how else would they quickly generate a valid cert?
[I think kudos are due here to LE for being better/faster/cheaper than Google's own public CA]

hpws · July 3, 2021, 5:22am

@rg305 No, AFAIK They do renew the R3 Certificate

rg305 · July 3, 2021, 5:24am

That would be unnecessary; so why would they?
[90 days will tell us]

hpws · July 3, 2021, 5:24am

I dont know why they require to renew but i do know that they renew the certificates . Becuase I have CT monitoring which shows they are renewed

griffin · July 3, 2021, 5:25am

I guess I'm just not a fan of the thought of one of the world's largest for-profit enterprises churning a non-profit's resources as part of their process.

rg305 · July 3, 2021, 5:25am

Please show (and tell - LOL)

rg305 · July 3, 2021, 5:26am

Yeah that is a big NO-NO!

hpws · July 3, 2021, 5:31am

@rg305 See this https://crt.sh/?q=mandolin.com Every GTS SSL is followed by a R3 SSL

rg305 · July 3, 2021, 5:34am

Although that seems to be a true statement...
It is taken out of context.
The context here is the FQDN must be one and the same.
I only found one, where the R3 FQDN is followed by the same FQDN by GTS.
So I fail to see the pattern.

hpws · July 3, 2021, 5:40am

oh no see it , Check the crt.sh | marketing.mandolin.com cert and more there is a pattern

hpws · July 3, 2021, 5:43am

@rg305 But even if i consider google stops renewing but they do generate ** disposable ** certs for every single domain

rg305 · July 3, 2021, 5:43am

I will ask again:

That 60 cycle doesn't make sense for Google to use.

rg305 · July 3, 2021, 5:46am

I haven't seen that for sure, but if they do, then I do agree with you: They are a for-profit business and should not abuse of (nor even use any) non-profit resources. [without adequate compensation (i.e. donations/sponsorship)]

hpws · July 3, 2021, 5:48am

If we even leave renewing , or let's leave google for some time . There are literally thousands of companies that are for profit buisness and use in their price chart || FREE SSL FOR YOU || no cost of ssl and more . Just abusing LE without any valid reason

rg305 · July 3, 2021, 5:53am

That is more of a stretch on the term abuse.
The purpose of LE is to get everyone using encryption.
If anyone (mom & pop shops) has to decide if they can afford SSL or not, then making it free is always affordable.
If anyone (mom & pop shops) are unable to manage their own IT and go to one-stop-shops for full-service and that service includes FREE SSLs (provided by LE)...
Then it is exactly what LE wanted (albeit via an intermediary).

The "Google" case fails that test immensely!
They literally have their own public CA - how can they NOT afford to use that.
They are one of the most profitable companies on the planet - how can they NOT afford...

Two very different cases.

hpws · July 3, 2021, 5:55am

@rg305 Do you mean why they use LE or you mean something different

rg305 · July 3, 2021, 5:59am

Which?:

hpws · July 3, 2021, 5:59am

@rg305 I mean Google use LE

rg305 · July 3, 2021, 6:06am

In this particular case, Google's use of LE certs seems obviously abusive (IMHO).
[but I'm not a lawyer, nor affiliated with any judicial/courts system - just an average guy]