CA Council to Improve Internet Certificate Security in 2016
Certificate Validity

Another issue that CAs will be dealing with in 2016 is the length of time for which a given TLS certificate is valid. In 2015, a new policy came into effect that reduced the maximum validity of a TLS certificate to 39 months, down from 60 months.

"We've gone from a place in the last few years where there was no limit, and then in 2012, we capped it at 60 months," Beattie said. "When the 60-month cap was announced, we also announced the plan to bring it down to 39 months for 2015."

There hasn't been any pushback from customers on the certificate term length, as most enterprise customers tend to be looking for certificates that are valid for one to three years, Beattie said.

A trend that started to emerge in 2015, according to Morton, is that some customers want short-lived certificates of only two weeks.

"People are getting concerned about key compromise, so it's good cryptographic hygiene to keep rolling keys with new certificates," Morton said.

Overall, Beattie sees 2016 as a year of opportunities for the CAs, rather than just being a year where outstanding challenges are addressed. "There are more opportunities now for customers to protect things and make choices about security," Beattie said. "In past years, the push has been about moving from 1,024-bit to 2,048-bit encryption and from SHA-1 to SHA-2, so hopefully, 2016 will be less about challenges and more about opportunities for organizations to secure their sites in different ways."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
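The article names three things a site operator can check in an inventory of their own certificates: the 39-month validity cap, the move from 1,024-bit to 2,048-bit RSA keys, and the move from SHA-1 to SHA-2 signatures. The script below is an added example, not code from the article or from any CA; it assumes certificate metadata has already been extracted into a small record (the sample records are constructed here) and applies those thresholds. The `add_months` helper is included because "39 months" is a calendar-month limit, so the cap date is computed by month arithmetic with day clamping rather than by a fixed day count.

```python
import calendar
from dataclasses import dataclass
from datetime import date

# Thresholds taken from the article: 39-month maximum validity (from 2015),
# 2,048-bit RSA as the floor, and SHA-1 signatures as the legacy to retire.
MAX_VALIDITY_MONTHS = 39
MIN_RSA_BITS = 2048
LEGACY_SIG_ALGS = {"sha1WithRSAEncryption", "md5WithRSAEncryption"}


@dataclass(frozen=True)
class CertSummary:
    """Constructed metadata record; in practice these fields are read from
    the parsed X.509 certificate (hypothetical shape, for illustration)."""
    subject: str
    not_before: date
    not_after: date
    key_bits: int
    sig_alg: str


def add_months(d: date, n: int) -> date:
    """Return d shifted forward by n calendar months, clamping the day to
    the last day of the target month (e.g. Jan 31 + 1 month -> Feb 28)."""
    years, month_index = divmod(d.month - 1 + n, 12)
    year, month = d.year + years, month_index + 1
    day = min(d.day, calendar.monthrange(year, month)[1])
    return d.replace(year=year, month=month, day=day)


def exceeds_validity_cap(cert: CertSummary, cap_months: int = MAX_VALIDITY_MONTHS) -> bool:
    """True if not_after lies beyond not_before + cap_months."""
    return cert.not_after > add_months(cert.not_before, cap_months)


def audit(cert: CertSummary, today: date) -> list[str]:
    """Return a list of findings for one certificate; empty means clean."""
    findings = []
    if exceeds_validity_cap(cert):
        findings.append(f"validity exceeds {MAX_VALIDITY_MONTHS}-month cap")
    if cert.key_bits < MIN_RSA_BITS:
        findings.append(f"RSA key is {cert.key_bits} bits, below {MIN_RSA_BITS}")
    if cert.sig_alg in LEGACY_SIG_ALGS:
        findings.append(f"legacy signature algorithm {cert.sig_alg}")
    if today > cert.not_after:
        findings.append("certificate has expired")
    return findings


# Constructed sample inventory (not real certificates).
GOOD_CERT = CertSummary("www.example.test", date(2016, 1, 15), date(2017, 1, 15),
                        2048, "sha256WithRSAEncryption")
SHORT_LIVED_CERT = CertSummary("api.example.test", date(2016, 1, 1), date(2016, 1, 15),
                               2048, "sha256WithRSAEncryption")
LEGACY_CERT = CertSummary("old.example.test", date(2014, 6, 1), date(2019, 6, 1),
                          1024, "sha1WithRSAEncryption")
INVENTORY = [GOOD_CERT, SHORT_LIVED_CERT, LEGACY_CERT]


def audit_inventory(certs: list[CertSummary], today: date) -> dict[str, list[str]]:
    """Map each subject to its findings, keeping only certificates with issues."""
    report = {c.subject: audit(c, today) for c in certs}
    return {subject: issues for subject, issues in report.items() if issues}


if __name__ == "__main__":
    for subject, issues in audit_inventory(INVENTORY, date(2016, 1, 20)).items():
        print(subject)
        for issue in issues:
            print("  -", issue)
```

Run as a script it prints only the legacy entry, with three findings (60-month validity, 1,024-bit key, SHA-1 signature); the one-year and two-week certificates pass, which matches the article's point that shorter lifetimes are within policy and simply mean more frequent key rolling.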