Skip to main content

Web body mulls halving HTTPS cert lifetimes.

posted onAugust 11, 2019
by l33tdawg
wikipedia
Credit: wikipedia

CA/Browser Forum – an industry body of web browser makers, software developers, and security certificate issuers – is considering slashing the lifetime of HTTPS certs from 27 months to 13 months.

The plan, floated at a meeting by Googler Ryan Sleevi earlier this year and still in its draft stages, comes just one year after the lifetime maximum for certificates was lowered from 39 months to 27 months. There is no word yet on when a vote may take place. HTTPS certificates are, essentially, used to encrypt connections between browsers and sites, and help software determine that no one is tampering with or eavesdropping on those connections.

By reducing the amount of time a TLS/SSL certificate is valid, websites must renew their certs more often. This will, it is hoped, force them to use certificates with the latest and greatest recommended cryptography and hashing, rather than hang onto aging certs that use insecure algorithms. The short lifespan could also, in theory, help to cut down on fraudulent activity, as stolen certs would become useless sooner, and abandoned sites would see their certs expire faster.

Source

Tags

Security

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th