TLS Certificate Lifetimes Will Officially Reduce to 47 Days
www.digicert.com
The CA/Browser Forum has officially voted to amend the TLS Baseline Requirements to set a schedule for shortening both the lifetime of TLS certificates.

From today until March 15, 2026, the maximum lifetime for a TLS certificate is 398 days.

As of March 15, 2026, the maximum lifetime for a TLS certificate will be 200 days.

As of March 15, 2027, the maximum lifetime for a TLS certificate will be 100 days.

As of March 15, 2029, the maximum lifetime for a TLS certificate will be 47 days.

What’s everyone’s opinion on this? I think from a security standpoint their reasoning is valid and in many cases it’s very easy to automate the renewal with ACME or something else. But there’s likely gonna be legacy stuff still around in 2029 that won’t be easy to automate.

  • Admiral Patrick@dubvee.orgEnglish
    33·
    6 days ago

    Are compromised private keys that much of a problem in the real world to merit such a pain in the ass, heavy handed “solution”? On paper, sure, it makes sense. In practice, you’re forcing people to complicate the process by introducing, until now, unnecessary automation and introducing the possibility of brand new points of vulnerability.

    I say this as someone who does maintain legacy systems (i.e. systems), so take it with a very angry, frazzled grain of salt. But I’ve done this for years decades and many, many systems and to my knowledge, I’ve never had a compromised private key.

    This just seems like people who constantly lose their house keys mandating that everyone else change their locks as often as they do.

    • bamboo@lemmy.blahaj.zoneEnglish
      9·
      6 days ago

      One issue is that browsers and other clients have a difficult time handling certificate revocation. Let’s Encrypt is stopping support for OCSP, and that had a lot of privacy implications where a CA could tell who is going to what site, based on the requests to check certificate revocation. Let’s Encrypt is moving to CRLs, but the size of the CRL is very large the more certificates you have. For Let’s Encrypt with only a 90 day validity period, their CRL is smaller than a CA which has certificates as much as 398 days old.

      The size of the CRL is something not only CAs have to manage, on the client side, you may have to check a 10MB file to see if the certificate for the site you’re connecting to is still trusted by the CA. With many CAs, these CRLs will take up a lot of space on disk, and need to be updated often. Mozilla published a system called CRLite which uses Cascading Bloom Filters to keep track of revoked certificates in the browser, which will save a lot of space. Having a constrained set of revoked certificates is useful to ensure the bloomfilter won’t be too large for the browser to store and manage.

    • WhyJiffie@sh.itjust.worksEnglish
      1·
      5 days ago

      are you sure this mandates always using a new private key? I think I have read that they don’t. how would you verify that anyway?

    • JRaccoon@discuss.tchncs.deOPEnglish
      2·
      6 days ago

      I like that metaphor, I’m gonna save it. And agreed, there’s going to be issues with legacy systems.

      Luckily, at my current job, all of our outside-facing legacy services already go through an SSL terminating reverse proxy. And we then use self-signed certs with much longer validity for internal traffic where needed.