Google wants to reduce lifespan for HTTPS certificates to one year

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
Google wants to reduce the lifespan of SSL certificates (used to secure HTTPS encrypted traffic) from the current two years to just over a year.

The proposal was made by Ryan Sleevi, Google's representative, at a F2F meeting of the CA/B Forum in Thessaloniki, Greece, in June.
The CA/B Forum is an unofficial industry group made up of certificate authorities (CAs; companies that issue SSL certificates) and browser makers.

Per Sleevi's proposal, starting with March 2020, the lifespan of all newly issued SSL certificates would become 397 days (roughly a year and a month) instead of the current 825 days (about two years and three months).
No vote was held on the proposal; however, most browser vendors expressed their support for the new SSL certificate lifespan.
Read more below:
 

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
Excellent excellent idea! But the real solution would be a system that moves away from certificates completely. We need a trustless and decentralized system where each connection is a unique end-to-end encryption.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top