The CA/Browser Forum has officially voted to amend the TLS Baseline Requirements to set a schedule for shortening both the lifetime of TLS certificates.
As someone who manages a fair few certain, damn that is short. Acme is great, and a lot of big name CAs now support it, but a lot of applications do not. I can spin up an web app proxy in some cases, but for a great many systems that is not viable.
On the other hand, it really decreases the threat of certificate stealing and reuse.
😆 if these companies did what they should because it is required for modern business we wouldn’t be in this situation to begin with. At the end of the day, standard need to evolve. We’d all still be using IE6 if it was left up to the suits making the decisions.
As someone who manages a fair few certain, damn that is short. Acme is great, and a lot of big name CAs now support it, but a lot of applications do not. I can spin up an web app proxy in some cases, but for a great many systems that is not viable.
On the other hand, it really decreases the threat of certificate stealing and reuse.
I feel for you, but this means that all of these applications now have to start implementing automation.
😆 if these companies did what they should because it is required for modern business we wouldn’t be in this situation to begin with. At the end of the day, standard need to evolve. We’d all still be using IE6 if it was left up to the suits making the decisions.