Maximum Lifespan of SSL/TLS Certificates is 398 Days Starting Today

September 4, 2020



Starting this week, the lifespan of new TLS certificates will be limited to 398 days, a little over a year, from the previous maximum lifetime of 27 months (825 days).

In a move that’s meant to boost security, Apple, Google, and Mozilla are set to reject publicly rooted digital certificates in their respective web browsers that expire more than 13 months (or 398 days) from their creation date.

The lifespan of SSL/TLS certificates has shrunk significantly over the last decade. In 2011, the Certification Authority Browser Forum (CA/Browser Forum), a consortium of certification authorities and vendors of browser software, imposed a limit of five years, bringing down the certificate validity period from 8-10 years.

Subsequently, in 2015, it was cut short to three years and to two years again in 2018.

Although the proposal to reduce TLS/SSL certificate lifetimes to one year was shot down in a ballot last September, the measure has been overwhelmingly supported by browser makers such as Apple, Google, Microsoft, Mozilla, and Opera.

Then in February this year, Apple became the first company to announce that it intends to reject new TLS certificates issued on or after September 1 that have a validity of more than 398 days. Since then, both Google and Mozilla have followed suit to enforce similar 398-day limits.

Certificates issued before the enforcement date won't be impacted, nor will those issued from user-added or administrator-added root certificate authorities (CAs).

“Connections to TLS servers violating these new requirements will fail,” Apple explained in a support document. “This might cause network and app failures and prevent websites from loading.”

For its part, Google intends to reject certificates that violate the validity clause with the error “ERR_CERT_VALIDITY_TOO_LONG” and treat them as misissued.

Additionally, some SSL certificate providers, such as DigiCert and Sectigo, have already stopped issuing certificates with a two-year validity.

To avoid unintended consequences, Apple recommends that certificates be issued with a maximum validity of 397 days.
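The rules above can be checked against the output of `openssl x509 -noout -dates`. The following is an added example, not code from the article or from any browser vendor; it assumes validity is measured as `notAfter` minus `notBefore`, that the September 1 cutoff falls at midnight UTC, and the function names and sample dates are constructed for illustration.

```python
import ssl
from datetime import datetime, timedelta, timezone

# September 1 cutoff from the article (year 2020); midnight UTC is an assumption.
ENFORCEMENT = datetime(2020, 9, 1, tzinfo=timezone.utc)
HARD_LIMIT = timedelta(days=398)   # longer validity is rejected by browsers
RECOMMENDED = timedelta(days=397)  # Apple's recommended maximum

def parse_dates(openssl_output):
    """Parse `openssl x509 -noout -dates` output into (notBefore, notAfter)."""
    fields = {}
    for line in openssl_output.strip().splitlines():
        key, _, value = line.partition("=")
        seconds = ssl.cert_time_to_seconds(value.strip())
        fields[key.strip()] = datetime.fromtimestamp(seconds, tz=timezone.utc)
    return fields["notBefore"], fields["notAfter"]

def classify(openssl_output, publicly_rooted=True):
    """Return 'exempt', 'ok', 'over-recommended' or 'reject'."""
    not_before, not_after = parse_dates(openssl_output)
    # Certificates issued before the cutoff, or chaining to a user-added or
    # administrator-added root, are outside the new limit.
    if not publicly_rooted or not_before < ENFORCEMENT:
        return "exempt"
    validity = not_after - not_before
    if validity > HARD_LIMIT:
        return "reject"
    if validity > RECOMMENDED:
        return "over-recommended"  # inside 398 days, past the 397-day advice
    return "ok"

# Constructed sample outputs, not taken from real certificates.
AT_LIMIT = "notBefore=Sep  1 00:00:00 2020 GMT\nnotAfter=Oct  4 00:00:00 2021 GMT"
TWO_YEAR_OLD = "notBefore=Aug 31 12:00:00 2020 GMT\nnotAfter=Aug 31 12:00:00 2022 GMT"
TWO_YEAR_NEW = "notBefore=Sep  1 00:00:00 2020 GMT\nnotAfter=Sep  1 00:00:00 2022 GMT"

if __name__ == "__main__":
    for name, sample in [("at limit", AT_LIMIT),
                         ("two-year, before cutoff", TWO_YEAR_OLD),
                         ("two-year, after cutoff", TWO_YEAR_NEW)]:
        print(f"{name}: {classify(sample)}")
```
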

Why Shorten Certificate Lifespan?

Capping TLS/SSL lifetimes improves website security because it reduces the period in which compromised or bogus certificates can be exploited to mount phishing and malware attacks.

That’s not all. Mobile versions of Chrome and Firefox do not proactively check for certificate status due to performance constraints, causing websites with revoked certificates to load without giving any warning to the user.

For developers and site owners, the development is a good time to implement certificate automation using tools such as Let’s Encrypt and EFF’s Certbot, which offer an easy way to set up, issue, renew, and replace SSL certificates without manual intervention.

“Expired certificates continue to be a massive problem, costing companies millions of dollars due to outages every year,” said Chris Hickman, the chief security officer at Keyfactor. “On top of that, more frequent expired certificate warnings may result in web visitors becoming more comfortable bypassing the security warnings and error messages.”

“However, certificate subscribers frequently forget how or when to replace certificates, causing service outages from unexpected expiration […] leaving them ill-equipped to manage these new shorter life at scale.”

Source: The Hacker News
