Article 6WR07 CA/Browser Forum Votes for 47-Day Cert Durations By 2029

by EditorDavid from Slashdot on (#6WR07)

"Members of the CA/Browser Forum have voted to slash cert lifespans from the current one year to 47 days," reports Computerworld, "placing an added burden on enterprise IT staff who must ensure they are updated."

In a move that will likely force IT to much more aggressively use web certificate automation services, the Certification Authority Browser Forum (CA/Browser Forum), a gathering of certificate issuers and suppliers of applications that use certificates, voted [last week] to radically slash the lifespan of the certificates that verify the ownership of sites. The approved changes, which passed overwhelmingly, will be phased in gradually through March 2029, when the certs will only last 47 days.

This controversial change has been debated extensively for more than a year. The group's argument is that this will improve web security in various ways, but some have argued that the group's members have a strong alternative incentive, as they will be the ones earning more money due to this acceleration... Although the group voted overwhelmingly to approve the change, with zero "No" votes, not every member agreed with the decision; five members abstained...

In roughly one year, on March 15, 2026, the "maximum TLS certificate lifespan shrinks to 200 days. This accommodates a six-month renewal cadence. The DCV reuse period reduces to 200 days," according to the passed ballot. The next year, on March 15, 2027, the "maximum TLS certificate lifespan shrinks to 100 days. This accommodates a three-month renewal cadence. The DCV reuse period reduces to 100 days." And on March 15, 2029, "maximum TLS certificate lifespan shrinks to 47 days. This accommodates a one-month renewal cadence. The DCV reuse period reduces to 10 days."

The changes "were primarily pushed by Apple," according to the article, partly to allow more effective reactions to possible changes in cryptography. And Apple also wrote that the shift "reduces the risk of improper validation, the scope of improper validation perpetuation, and the opportunities for misissued certificates to negatively impact the ecosystem and its relying parties."

Thanks to Slashdot reader itwbennett for sharing the news.

