AT2k Design BBS Message Area
Casually read the BBS message area using an easy to use interface. Messages are categorized exactly like they are on the BBS. You may post new messages or reply to existing messages!

You are not logged in. Login here for full access privileges.

Previous Message | Next Message | Back to Slashdot  <--  <--- Return to Home Page
   Local Database  Slashdot   [248 / 287] RSS
 From   To   Subject   Date/Time 
Message   VRSS    All   CA/Browser Forum Votes for 47-Day Cert Durations By 2029   April 19, 2025
 2:40 PM   

Feed: Slashdot
Feed Link: https://slashdot.org/
---

Title: CA/Browser Forum Votes for 47-Day Cert Durations By 2029

Link: https://it.slashdot.org/story/25/04/19/174521...

"Members of the CA/Browser Forum have voted to slash cert lifespans from the
current one year to 47 days," reports Computerworld, "placing an added burden
on enterprise IT staff who must ensure they are updated." In a move that will
likely force IT to much more aggressively use web certificate automation
services, the Certification Authority Browser Forum (CA/Browser Forum), a
gathering of certificate issuers and suppliers of applications that use
certificates, voted [last week] to radically slash the lifespan of the
certificates that verify the ownership of sites. The approved changes, which
passed overwhelmingly, will be phased in gradually through March 2029, when
the certs will only last 47 days. This controversial change has been debated
extensively for more than a year. The group's argument is that this will
improve web security in various ways, but some have argued that the group's
members have a strong alternative incentive, as they will be the ones earning
more money due to this acceleration... Although the group voted
overwhelmingly to approve the change, with zero "No" votes, not every member
agreed with the decision; five members abstained... In roughly one year, on
March 15, 2026, the "maximum TLS certificate lifespan shrinks to 200 days.
This accommodates a six-month renewal cadence. The DCV reuse period reduces
to 200 days," according to the passed ballot. The next year, on March 15,
2027, the "maximum TLS certificate lifespan shrinks to 100 days. This
accommodates a three-month renewal cadence. The DCV reuse period reduces to
100 days." And on March 15, 2029, "maximum TLS certificate lifespan shrinks
to 47 days. This accommodates a one-month renewal cadence. The DCV reuse
period reduces to 10 days." The changes "were primarily pushed by Apple,"
according to the article, partly to allow more effective reactions to
possible changes in cryptography. And Apple also wrote that the shift
"reduces the risk of improper validation, the scope of improper validation
perpetuation, and the opportunities for misissued certificates to negatively
impact the ecosystem and its relying parties." Thanks to Slashdot reader
itwbennett for sharing the news.

Read more of this story at Slashdot.

---
VRSS v2.1.180528
  Show ANSI Codes | Hide BBCodes | Show Color Codes | Hide Encoding | Hide HTML Tags | Show Routing
Previous Message | Next Message | Back to Slashdot  <--  <--- Return to Home Page
VADV-PHP
Execution Time: 0.0147 seconds

If you experience any problems with this website or need help, contact the webmaster.
VADV-PHP Copyright © 2002-2025 Steve Winn, Aspect Technologies. All Rights Reserved.
Virtual Advanced Copyright © 1995-1997 Roland De Graaf.
 v2.1.250224