CA/Browser Forum proposes halving SSL certificate validity
Shortening the life cycle of certificates will increase costs for companies and cause additional trouble.
The CA/Browser Forum, a consortium of certification authorities and browser and operating system developers, has proposed halving the validity period of SSL certificates for HTTPS from 27 to 13 months. The proposal, voiced last month by Google spokesman Ryan Sleevi, is still at the draft stage and a voting date has not yet been set.
It is noteworthy that the initiative to shorten certificate validity was presented only a year after the validity period was reduced from 39 to 27 months.
Shortened validity means that sites will have to renew their certificates more often. According to the authors of the initiative, sites will then receive certificates that support the latest recommended encryption and hashing algorithms, and will not keep using old certificates with unsafe algorithms for a long time. In addition, shortening the life cycle will help fight fraud, as stolen certificates will become invalid sooner.
On the other hand, the Let's Encrypt certification authority issues free certificates with a validity period of 90 days that can be renewed and deployed automatically using special software. Let's Encrypt certificates are supported by almost all browsers and operating systems, and it seems that the service seriously interferes with other certification authorities that charge for their certificates.
According to Timothy Hollebeek, a DigiCert specialist, shortening the validity of certificates will increase companies' renewal costs and cause additional trouble. Thus, companies are more likely to turn to Let's Encrypt than to continue to work with companies that charge for their certificates.