Pulse of Truth

1703 readers

116 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago

MODERATORS

krogoth

How Google’s 90-day TLS certificate validity proposal will affect enterprises (www.helpnetsecurity.com)

submitted 2 years ago by lemmydev2 to c/pulse_of_truth

3 comments fedilink hide all child comments

Announced last year, Google’s proposal to reduce the lifespan of TLS (transport layer security) certificates from 13 months to 90 days could be implemented in the near future. It will certainly improve security and shrink the window of opportunity for bad actors to exploit compromised or stolen certificates and private keys. Unfortunately, it will also dramatically increase the time and energy required to manage TLS certificates. For organizations with only a handful of certificates, this … More → The post How Google’s 90-day TLS certificate validity proposal will affect enterprises appeared first on Help Net Security.

top 3 comments

sorted by: hot top controversial new old

[–] resetbypeer@lemmy.world 5 points 2 years ago

Lets encrypt has this already by default. Managing this means automation but with that you may shift the problem. When automation is done poorly (esp when least privileged access is not done correctly). Hence that IAM is one of the cornerstone's of zero trust.

[–] Renegade 1 points 2 years ago

Article takes a long time to say very little.

[–] CubitOom 1 points 2 years ago

I didn't read the article.

Will this only affect sites that use Google as their CA or is this an issue when a site is viewed through chrome but has a cert that expires after 90 days?