Google wants to reduce lifespan for HTTPS certificates to one year

Google wants to reduce the lifespan of SSL certificates (used to secure HTTPS encrypted traffic) from the current two years to just over a year.

The proposal was made by Ryan Sleevi, Google’s representative, at a F2F meeting of the CA/B Forum in Thessaloniki, Greece, in June.

The CA/B Forum is an unofficial industry group made up of certificate authorities (CAs; companies that issue SSL certificates) and browser makers.

No vote has been held yet

Per Sleevi’s proposal, starting with March 2020, the lifespan of all newly issued SSL certificates would become 397 days (roughly a year and a month) instead of the current 825 days (about two years and three months).

No vote was held on the proposal; however, most browser vendors expressed their support for the new SSL certificate lifespan.

On the other side, certificate authorities were not too happy, to say the least. In the last decade and a half, browser makers have chipped away at the lifespan of SSL certificates, cutting it down from eight years to five, then to three, and then to two.

The last change occurred in March 2018, when browser makers tried to reduce SSL certificate lifespans from three years to one, but compromised on two years after pushback from certificate authorities.

Now, barely two years after the last change, certificate authorities feel bullied by browser makers into accepting their original plan, regardless of the 2018 vote.

DigiCert pushes back

Timothy Hollebeek, DigiCert’s representative at the CA/B Forum, has recently penned a blog post expressing the company’s position on the new proposal, which, unsurprisingly, is not in favor of Google’s plan.

“So what is the proposed security benefit that justifies this cost? It is far from clear that there is any at all,” Hollebeek said.

“This change has absolutely no effect on malicious websites, which operate for very short time periods, from a few days to a week or two at most. After that, the domain has been added to various blacklists, and the attacker moves on to a new domain and acquires new certificates.”

The DigiCert exec explains that this change to a shorter SSL certificate lifespan would instead create more costs for the company's customers (the users/buyers of SSL certs), who would have to allocate more human resources to keeping SSL certificates up to date or performing maintenance updates when one expires.

Furthermore, Hollebeek argues that the claim that “shorter lifetime certificates allow quicker transitions when the compliance rules change” is also not a good reason, because standards shouldn’t change so often in the first place.

The “SSL revocation” problem

But in a Twitter thread reacting to Hollebeek’s blog post, security researcher Scott Helme argues that the security benefits of shorter SSL certificate lifespans have nothing to do with phishing or malware sites, but instead with the SSL certificate revocation process.

Helme claims that this process is broken and that bad SSL certificates continue to live on for years after being misissued and revoked. That is why he argued back in early 2018 that a shorter lifespan for SSL certificates would fix this problem, because bad SSL certs would be phased out faster.

Sectigo (formerly Comodo), the biggest certificate authority on the market, has taken a more positive tone toward the change, compared to DigiCert’s more aggressive contrarian stance. The company took the opportunity of the potential change to highlight its tools for automating SSL certificate renewals, instead of getting into a public fight with browser makers.

Browsers make rules

This fight between CAs and browser makers has been happening in the shadows for years. As HashedOut, a blog dedicated to HTTPS-related news, points out, this proposal is much more about proving who controls the HTTPS landscape than anything else.

“If the CAs vote this measure down, there’s a chance the browsers could act unilaterally and just force the change anyway,” HashedOut said. “That’s not without precedent, but it’s also never happened on an issue that is traditionally as collegial as this.

“If it does, it becomes fair to ask what the point of the CA/B Forum even is. Because at that point the browsers would basically be ruling by decree and the entire exercise would just be a farce.”

In the meantime, DigiCert is running an anonymous survey among its customers to see how a shortened one-year SSL certificate lifespan would impact their activity. If customers complain — and you can be sure about that — then DigiCert will most likely use the survey results to push against Google’s proposal.
