Maximum Lifespan of SSL/TLS Certificates is 398 Days Starting Today

04/09/2020

Starting this week, the lifespan of new TLS certificates will be limited to 398 days, a little over a year, down from the previous maximum lifetime of 27 months (825 days).

In a move that’s meant to boost security, Apple, Google, and Mozilla are set to reject publicly rooted digital certificates in their respective web browsers that expire more than 13 months (or 398 days) from their creation date.

The lifespan of SSL/TLS certificates has shrunk significantly over the last decade. In 2011, the Certification Authority Browser Forum (CA/Browser Forum), a consortium of certification authorities and vendors of browser software, imposed a limit of five years, bringing down the certificate validity period from 8-10 years.

Subsequently, in 2015, it was cut to three years, and again to two years in 2018.

Although the proposal to reduce TLS/SSL certificate lifetimes to one year was shot down in a ballot last September, the measure has been overwhelmingly supported by browser makers such as Apple, Google, Microsoft, Mozilla, and Opera.

Then in February this year, Apple became the first company to announce that it intends to reject new TLS certificates issued on or after September 1 that have a validity of more than 398 days. Since then, both Google and Mozilla have followed suit to enforce similar 398-day limits.

Certificates issued before the enforcement date won’t be impacted, nor will those issued by user-added or administrator-added root certificate authorities (CAs).

“Connections to TLS servers violating these new requirements will fail,” Apple explained in a support document. “This might cause network and app failures and prevent websites from loading.”

For its part, Google intends to reject certificates that violate the validity clause with the error “ERR_CERT_VALIDITY_TOO_LONG” and treat them as misissued.

Additionally, some SSL certificate providers, such as DigiCert and Sectigo, have already stopped issuing certificates with a two-year validity.

To avoid unintended consequences, Apple recommends that certificates be issued with a maximum validity of 397 days.
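
An added example, not part of the original article: a Python audit of certificate validity fields against the 398-day rule and its exemptions as described above. It assumes that a certificate's `notBefore` is its issuance date, that enforcement starts at 00:00 UTC on September 1, 2020, and that lifetime is `notAfter` minus `notBefore` in 86,400-second days; the hostnames, dates and status labels are constructed for illustration.

```python
import ssl

DAY = 86400  # assumption: a day is 86,400 seconds
# Assumption: enforcement begins at 00:00 UTC on September 1, 2020.
ENFORCEMENT_START = ssl.cert_time_to_seconds("Sep  1 00:00:00 2020 GMT")
MAX_DAYS = 398          # browser limit from the article
RECOMMENDED_DAYS = 397  # Apple's recommended maximum


def classify(cert, publicly_rooted=True):
    """Classify a dict with 'notBefore'/'notAfter' in the format returned by
    ssl.SSLSocket.getpeercert(). Status labels are this example's own."""
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not_after <= not_before:
        return "invalid-dates"
    if not publicly_rooted:
        return "exempt-private-root"      # user- or administrator-added root
    if not_before < ENFORCEMENT_START:    # notBefore taken as issuance date
        return "exempt-issued-before-enforcement"
    lifetime = not_after - not_before
    if lifetime > MAX_DAYS * DAY:
        return "rejected-too-long"        # browsers would refuse this one
    if lifetime > RECOMMENDED_DAYS * DAY:
        return "accepted-no-margin"       # within 398 days, above 397
    return "accepted"


# Constructed inventory: (name, notBefore, notAfter, publicly rooted?)
INVENTORY = [
    ("legacy.example", "Aug 15 12:00:00 2020 GMT", "Nov 18 12:00:00 2022 GMT", True),
    ("twoyear.example", "Sep  2 00:00:00 2020 GMT", "Sep  2 00:00:00 2022 GMT", True),
    ("edge.example", "Sep  1 00:00:00 2020 GMT", "Oct  4 00:00:00 2021 GMT", True),
    ("safe.example", "Sep  1 00:00:00 2020 GMT", "Oct  3 00:00:00 2021 GMT", True),
    ("intranet.example", "Sep  2 00:00:00 2020 GMT", "Sep  2 00:00:00 2022 GMT", False),
]


def audit(inventory):
    """Return {name: status} for every certificate in the inventory."""
    return {name: classify({"notBefore": nb, "notAfter": na}, public)
            for name, nb, na, public in inventory}


if __name__ == "__main__":
    for name, status in audit(INVENTORY).items():
        print(f"{name:20} {status}")
```
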

Why Shorten Certificate Lifespan?

Capping TLS/SSL certificate lifetimes improves website security because it reduces the period in which compromised or bogus certificates can be exploited to mount phishing and malware attacks.

That’s not all. Mobile versions of Chrome and Firefox do not proactively check for certificate status due to performance constraints, causing websites with revoked certificates to load without giving any warning to the user.

For developers and site owners, the development is a good time to implement certificate automation using tools such as Let’s Encrypt and EFF’s Certbot, which offer an easy way to set up, issue, renew, and replace SSL/TLS certificates without manual intervention.

“Expired certificates continue to be a massive problem, costing companies millions of dollars due to outages every year,” said Chris Hickman, the chief security officer at Keyfactor. “On top of that, more frequent expired certificate warnings may result in web visitors becoming more comfortable bypassing the security warnings and error messages.”

“However, certificate subscribers frequently forget how or when to replace certificates, causing service outages from unexpected expiration […] leaving them ill-equipped to manage these new shorter life at scale.”

Source: The Hacker News
