{"id":2621,"date":"2020-07-09T08:00:18","date_gmt":"2020-07-09T15:00:18","guid":{"rendered":"https:\/\/blog.mozilla.org\/security\/?p=2621"},"modified":"2020-07-13T04:38:29","modified_gmt":"2020-07-13T11:38:29","slug":"reducing-tls-certificate-lifespans-to-398-days","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2020\/07\/09\/reducing-tls-certificate-lifespans-to-398-days\/","title":{"rendered":"Reducing TLS Certificate Lifespans to 398 Days"},"content":{"rendered":"

 <\/p>\n

We intend to update Mozilla\u2019s Root Store Policy<\/a> to reduce the maximum lifetime of TLS certificates from 825 days to 398 days, with the aim of protecting our user’s HTTPS connections. Many reasons for reducing the lifetime of certificates have been provided and summarized in the CA\/Browser Forum\u2019s Ballot SC22<\/a>. Here are Mozilla\u2019s top three reasons for supporting this change.<\/p>\n

1. Agility<\/b><\/p>\n

Certificates with lifetimes longer than 398 days delay responding to major incidents and upgrading to more secure technology. Certificate revocation is highly disruptive and difficult to plan for. Certificate expiration and renewal is the least disruptive way to replace an obsolete certificate, because it happens at a pre-scheduled time, whereas revocation suddenly causes a site to stop working. Certificates with lifetimes of no more than 398 days help mitigate the threat across the entire ecosystem when a major incident requires certificate or key replacements. Additionally, phasing out certificates with MD5<\/a>-based signatures took five years, because TLS certificates were valid for up to five years. Phasing out certificates with SHA-1<\/a>-based signatures took three years, because the maximum lifetime of TLS certificates was three years. Weakness in hash algorithms can lead to situations in which attackers can forge certificates, so users were at risk for years after collision attacks against these algorithms were proven feasible.<\/p>\n

2. Limit exposure to compromise<\/b><\/p>\n

Keys valid for longer than one year have greater exposure to compromise, and a compromised key could enable an attacker to intercept secure communications and\/or impersonate a website until the TLS certificate expires. A good security practice is to change key pairs frequently, which should happen when you obtain a new certificate. Thus, one-year certificates will lead to more frequent generation of new keys.<\/p>\n

3. TLS Certificates Outliving Domain Ownership<\/b><\/p>\n

TLS certificates provide authentication, meaning that you can be sure that you are sending information to the correct server and not to an imposter trying to steal your information. If the owner of the domain changes or the cloud service provider changes, the holder of the TLS certificate\u2019s private key (e.g. the previous owner of the domain or the previous cloud service provider) can impersonate the website until that TLS certificate expires. The Insecure Design Demo site<\/a> describes two problems with TLS certificates outliving their domain ownership:<\/p>\n