Google wants to reduce lifespan for HTTPS certificates to one year

Found on ZD Net on Tuesday, 20 August 2019

No vote was held on the proposal; however, most browser vendors expressed their support for the new SSL certificate lifespan.

On the other side, certificate authorities were not too happy, to say the least. In the last decade and a half, browser makers have chipped away at the lifespan of SSL certificates, cutting it down from eight years to five, then to three, and then to two.

"If the CAs vote this measure down, there's a chance the browsers could act unilaterally and just force the change anyway," HashedOut said. "That's not without precendent, but it's also never happened on an issue that is traditionally as collegial as this.

Google is trying to grab too much. Browsers don't have any reason to meddle with the systems behind TLS/SSL. It's the job of the CA to take care of that, and the customer should always have the last word. If someone wants a 5 year TLS certificate, why not? Don't even think about LE; it's not the perfect solution for every case.

Browse all articles« Previous « » Next »