I'm disappointed that we can't come up with a way for encryption to work forever.
Like, if I find a knife from 150 years ago, it still cuts cheese. Sure - it isn't the most modern tech, but it still does the job it was made for. Even though cheese recipes have changed, they are still compatible with an old knife.
Yet a phone in 150 years will be 100% useless. Not only useless because other things have moved on, or because the hardware has degraded, but useless by design because root certificates expire.
We shouldn't be putting anything into consumer electronics with an expiry date.
A knife is an extremely simple tool and you're making a very modest requirement of it (that it should cut cheese). There's no way that a 2023 smartphone is equivalently simple, nor that "Just access arbitrary remote stuff over the Internet" is a similarly modest requirement.
Lets try something appreciably more complex and do an equivalently tricky task. Lets use an 1873 steam train to travel from London to Derby.
We run into more or less the same problem. Functionally, this can work, you'll have to buy the coal from somewhere and hire tankers to move the water where it's needed since there is no longer provision for that- but much harder you'll need to secure an extraordinary amount of special case paperwork to make this happen, because obviously your 1873 steam train isn't authorized to use this route, you will need to retro-fit safety equipment that an 1873 steam train was never designed to work with, and you will need to re-train people to operate it.
Don't worry though, you have preserved the important part - your 150 year old train is still ludicrously unsafe compared to its modern equivalent like the phone. Relatively minor impacts will turn the passenger compartments into kindling, with passengers still inside, because they're basically just a wooden box resting on a simple metal platform, not a monocoque design and even after fitting mandatory safety equipment the train can't effectively stop anywhere close to fast as modern trains if things go wrong.
The encryption itself will work "forever." (Realistically, very powerful computers could some day obviate contemporary encryption).
The tricky part about PKI and signed TLS certificates has little to do with the encryption and a lot to do with networks of trusted parties. People die and are born, relationships evolve, and so these networks are inherently dynamic.
Certificate expiration is a feature by design, and it's included for a reason.
> We shouldn't be putting anything into consumer electronics with an expiry date.
So you wouldn't have half the consumer electronics we have because nobody would be able to afford them.
We should be making consumer electronics with reasonable life expectancies. 150 years in the future I don't want to use something from 150 years ago that "still works", I want something that is new with more capabilities, that is cheaper, that does the thing better. Why create undestructible phones that will last 150 years when nobody other than vintage collectors will want them after ~10 years due to other problems with material degradation, fashion etc.
The optimal point is to not create discardable things, but it's also realising that if you're making something forever you're going to use up way more resources and people will still stop using those devices for other reasons, so you just created more waste.
Too short life = too much waste due to replacement needs.
Too long life = too many wasted resources per-device which will be abandoned for other reasons.
Last night I used some 100+ year old tools to poke a hole in something. But I almost bought a $10 awl last time I was in the store because the old tools aren't really fit for purpose, and they're really just decorations.
Have you ever tried accessing the modern web with a Windows 95 computer using Netscape Navigator?
Even if that computer had up-to-date certificates, basically nothing about it would be compatible with the modern internet. It's not just a question of of "expiry dates", it's that you cannot make any forward progress if you have to maintain backwards compatibility forever.
Internet protocols, file formats, hardware standards... all these things need to be able to change over time. Hell, with the old phone example, your biggest problem with a sufficiently old phone is whether it can even connect to the network - I recently tried using a retro Nokia as a backup phone, but realised that the SIM card I'd put in it was for a network which didn't offer 2G coverage. Phone couldn't even make calls or send texts because it wasn't 3G compatible.
Yes, and it worked hilariously well, because we've worked on bridge technologies for things like this: whether it's local proxies to strip or modify SSL or even just render an entire page as an image and transport it to the old browser as-is.
Solutions will come and go. Hell, what's stopping someone from building an on-device VPN that does the SSL translation itself?
Any solutions for the problem would still only exist in new devices. And the announcement does indeed mention that new devices will be able to update their certificate store.
> but useless by design because root certificates expire
Should be noted that the new design (Android 14) is to allow certificate updates to be separate from operating system updates. Not sure if this is done via a standardized API or something proprietary, so the problem of servers going down forever might remain.
Like, if I find a knife from 150 years ago, it still cuts cheese. Sure - it isn't the most modern tech, but it still does the job it was made for. Even though cheese recipes have changed, they are still compatible with an old knife.
Yet a phone in 150 years will be 100% useless. Not only useless because other things have moved on, or because the hardware has degraded, but useless by design because root certificates expire.
We shouldn't be putting anything into consumer electronics with an expiry date.