December 1, 2023

Mozilla is planning to complement the change in the coming months, regardless of the outcome of a vote on the issue by a key industry group.

The CA/Browser Forum, which sets policies for certificate authorities and browser makers, has been considering the change for some time and the proposal has significant support among the browser vendors. An updated version of the proposal that would reduce the lifespan of TLS certificates to a maximum of 398 days is active now.

Currently, the policy allows for a maximum lifespan of 825 days, or about 27 months. A lot can change in that amount of time, and that’s one of the main reasons that Mozilla and other companies are supporting the change. TLS certificates serve several purposes, including the enablement of encrypted sessions between clients and the site,

“TLS certificates provide authentication, meaning that you can be sure that you are sending information to the correct server and not to an imposter trying to steal your information. If the owner of the domain changes or the cloud service provider changes, the holder of the TLS certificate’s private key (e.g. the previous owner of the domain or the previous cloud service provider) can impersonate the website until that TLS certificate expires,” Ben Wilson, technical program manager at Mozilla, said in a post detailing the company’s position.

“Keys valid for longer than one year have greater exposure to compromise.”

Long lifespans for TLS certificates can be problematic in a number of ways aside from the potential for impersonation. In order to provide compatibility with various browsers and client systems, certificates support several ciphersuites for encryption and hash algorithms for signatures. That’s all fine until there’s a serious issue with one of the ciphersuites or hask algorithms that necessitates revoking and reissuing certificates. This is a relatively rare occurrence, but when it happens it’s a major disruption for site owners, CAs, and individuals trying to make a secure connection to an affected site.

In recent years, collisions discovered with both  SHA-1 and MD5 hash algorithms put certificates signed with one of those algorithms in jeopardy for forgery. The issues were public, but because of the long lifespans of TLS certificates at the time the collisions were disclosed, it took many years to phase out all of the affected certificates. Reducing the lifespan of certificates would mitigate this kind of problem while also limiting the amount of time a given keypair is valid.

Keys valid for longer than one year have greater exposure to compromise, and a compromised key could enable an attacker to intercept secure communications and/or impersonate a website until the TLS certificate expires. A good security practice is to change key pairs frequently, which should happen when you obtain a new certificate.

The current proposal would have the 398 day lifespan go into effect on Sept. 1 if it passes. But even if the proposal fails,Mozilla intends to change its policy to limit certificate lifespans to 398 days

Recently Apple announced that it will enforce the TLS Policy by September 2020

Leave a Reply

%d bloggers like this: