Certificate Giant Slams Plan to Shorten HTTPS Lifespans

Industry stakeholders are considering reducing the lifespan of HTTPS certificates to just 13 months, around half of the current duration, in order to improve security.

The CA/Browser Forum proposal would seek to make the changes from March 2020. It comes after certificate lifetimes were reduced from 39 to 27 months back in March 2018.

Proponents argue that shorter lifespans would make life harder for black hats by reducing the length of time a stolen certificate could be used. It could also force companies to use the latest and most secure encryption algorithms available.

However, not everyone is on board: DigiCert standards technical strategist Timothy Hollebeek argued that “it is far from clear” there’s any security benefit in reducing TLS/SSL certificate lifespans.

“This change has absolutely no effect on malicious websites, which operate for very short time periods, from a few days to a week or two at most. After that, the domain has been added to various blacklists, and the attacker moves on to a new domain and acquires new certificates,” he added.

“Another benefit that is sometimes suggested is that shorter lifetime certificates allow quicker transitions when the compliance rules change. Two-year certificate lifetimes mean that certificates that are issued today will still be around two years from now. But isn’t it the responsibility of those managing the certificate ecosystem to come up with compliance rules that can endure for at least that long?”

The changes would also significantly ramp up the costs for organizations, Hollebeek argued, although they could always use free services like Let’s Encrypt.

“We believe the goal of improving certificate security is better served by allowing more time for companies to continue their growing use of automation, to test their systems and to prepare for these changes,” he said. “The primary point is that any benefit of reducing certificate lifetimes is theoretical, while the risks and costs to make the changes, especially in a short period of time, are real.”
