A central part of the system keeping the internet secure looks set to change for good thanks to a decision made months ago by Apple.
The company declared in February 2020 it would start accepting a new default lifespan of 398 days for TLS certificates – the encryption service that protects web data – going against the existing system set by the Certificate Authority industry.
Now, Google and Mozilla are set to follow suit, meaning the companies behind three of the leading browsers on the market today are changing the way internet security operates.
Apple TLS certificates
Back in February, Apple said that it would be reducing the maximum allowed lifetimes of TLS server certificates of its own accord. The company said that doing so would help improve web security for its users, as this would help weed out bad or insecure TLS certificates which had been affected by cybercrime or malware.
However Apple’s actions go against precedents set down by the the CA/B Forum, an industry body made up of representatives from browsers and Certificate Authorities (CAs) alike, and the organisation that usually dictates these lifespans.
CAs are the companies that issue TLS certificates, the lifespans of which have increasingly shortened in recent years as the need for greater online security grows.
When first introduced, TLS lifespans were eight years long, before gradually falling to two years under pressure from tech firms. With more sites being hit by cyberattacks, and the sheer number of websites across the internet continuing to grow exponentially, the need for flexible and effective TLS certificates to keep pages secure is greater than ever.
Securing websites with HTTPS systems goes a long way to ensuring these protections stay in place, but Apple, Mozilla and Google hope that combining this with shorter TLS certificates might make the job of a hacker harder than before.
The issue now seems decided, with individual CA providers protesting but unable to do much about the stance of Apple and its fellow tech firms.
So from September 1 2020, users may start to see more HTTPS errors in their browser, but can be reassured that this should mean their connections are arguably more secure – at least in Apple’s eyes.
Via ZDNet
