TLS Certificate Lifetimes Will Officially Reduce to 47 Days
TLS Certificate Lifetimes Will Officially Reduce to 47 Days
The CA/Browser Forum has officially voted to amend the TLS Baseline Requirements to set a schedule for shortening both the lifetime of TLS certificates.
You're viewing a single thread.
Why 47 Days? 47 days might seem like an arbitrary number, but it’s a simple cascade:
200 days = 6 maximal month (184 days) + 1/2 30-day month (15 days) + 1 day wiggle room 100 days = 3 maximal month (92 days) + ~1/4 30-day month (7 days) + 1 day wiggle room 47 days = 1 maximal month (31 days) + 1/2 30-day month (15 days) + 1 day wiggle room
Or just "1.5 months".
If it was 46 days, there will (arguably) be times where it's less than 1.5 months.
I guess the intention is automation that updates every month, leaving you with half a month to fix issues.
it's not arbitrary
Voice over: it is arbitrary
Simple cascade, but it goes from +15 to +7 to +15 lol