How Google’s 90-day TLS certificate validity proposal will affect enterprises - Help Net Security
www.helpnetsecurity.com
Google’s 90-day TLS certificate renewal plan enhances security by reducing exploit risks for organizations.

Announced last year, Google’s proposal to reduce the lifespan of TLS (transport layer security) certificates from 13 months to 90 days could be implemented in the near future. It will certainly improve security and shrink the window of opportunity for bad actors to exploit compromised or stolen certificates and private keys. Unfortunately, it will also dramatically increase the time and energy required to manage TLS certificates. For organizations with only a handful of certificates, this … More → The post How Google’s 90-day TLS certificate validity proposal will affect enterprises appeared first on Help Net Security.

  • resetbypeer@lemmy.worldEnglish
    5·
    5 months ago

    Lets encrypt has this already by default. Managing this means automation but with that you may shift the problem. When automation is done poorly (esp when least privileged access is not done correctly). Hence that IAM is one of the cornerstone’s of zero trust.

  • RenegadeEnglish
    1·
    5 months ago

    Article takes a long time to say very little.

  • CubitOomEnglish
    1·
    5 months ago

    I didn’t read the article.

    Will this only affect sites that use Google as their CA or is this an issue when a site is viewed through chrome but has a cert that expires after 90 days?