Starting next year:

Our longstanding offering won’t fundamentally change next year, but we are going to introduce a new offering that’s a big shift from anything we’ve done before—short-lived certificates. Specifically, certificates with a lifetime of six days. This is a big upgrade for the security of the TLS ecosystem because it minimizes exposure time during a key compromise event.

Because we’ve done so much to encourage automation over the past decade, most of our subscribers aren’t going to have to do much in order to switch to shorter lived certificates. We, on the other hand, are going to have to think about the possibility that we will need to issue 20x as many certificates as we do now. It’s not inconceivable that at some point in our next decade we may need to be prepared to issue 100,000,000 certificates per day.

That sounds sort of nuts to me today, but issuing 5,000,000 certificates per day would have sounded crazy to me ten years ago.

This is an excellent idea.

Slashdot thread.

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

US Bans Kaspersky Over Alleged Kremlin Links

June 21, 2024 0 Comments 0 tags

Kaspersky “poses an undue or unacceptable risk to national security,” according to the US Commerce Department’s Bureau of Industry and Security

Read More

Upcoming Speaking Engagements

September 14, 2024 0 Comments 0 tags

This is a current list of where and when I am scheduled to speak: I’m speaking at eCrime 2024 in Boston, Massachusetts, USA. The event runs from September 24 through

Read More

Chinese Hackers Rely on Covert Proxy Networks to Evade Detection

May 22, 2024 0 Comments 0 tags

Volt Typhoon and other Chinese cyber espionage actors are relying on operational relay box (ORB) networks, Mandiant has observed

Read More