As part of its ongoing efforts to improve online security, Google has proposed a significant change to the SSL/TLS certificate system. In a recent announcement, the tech giant revealed its plan to cut the maximum validity period of SSL/TLS certificates to just 90 days.
Currently, SSL/TLS certificates can be valid for up to two years, providing a long-term security solution for website owners and users alike. However, Google argues that shorter certificate lifetimes will increase online security by forcing website owners to update their certificates more frequently and stay up-to-date with the latest security standards.
While this proposal has been met with some resistance from website owners relying on longer certificate lifetimes for their business operations, cybersecurity experts generally agree that shorter lifetimes can be good for online security.
By reducing the maximum validity period to just 90 days, website owners will need to renew their certificates more frequently, which can help to prevent potential security breaches and keep users’ sensitive data safe. Additionally, shorter certificate lifetimes can help to mitigate the impact of any compromised certificates, as they will expire sooner and be less useful to attackers.
However, this proposal does come with some potential drawbacks, including increased administrative costs for website owners and the potential for more certificate-related issues and errors.
While Google’s proposal may shock some, it’s clear that the tech giant is committed to improving online security for everyone. As this proposal continues to develop, it’s important for website owners and users alike to stay informed about the potential impacts on their online security and take steps to protect themselves accordingly.