- Expand Section 4.2.1 to detail allowed data reuse periods for validation data (both for domains/IPs and for everything else in 3.2)
  - Overall reduction of non-SAN validation reuse from 825 to 366 days
  - Overall reduction of SAN validation reuse from 398 days to 10 days
- Expand section 6.3.2 to detail schedule of reducing maximum validity periods in coming years
  - Overall reduction of maximum validity period from 398 days to 45 days
- These reductions are proposed to occur starting in September 2025 through September 2027
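The Web PKI has moved toward shorter certificate validity periods over the past 10 years, but there is a question of whether this was the right direction.
There is also a concern about whether, because about 1.78% of keys were compromised, the remaining 98.22% will be forced to automate.
Google: Proposal to Shorten Validity Periods
In "Moving Forward, Together (2024-10-09)", Google is considering policy aimed at shortening validity periods in the future. In April 2014, the "Heartbleed" vulnerability required more than 500,000 certificates to be replaced. Google cites the fact that, although revocation within 24 hours was required, only 14% had completed replacement within one month.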
In April 2014, a security vulnerability (“Heartbleed”) was discovered in a popular cryptographic software library used to secure the majority of servers on the Internet that broke the security properties provided by TLS. It was estimated that over 500,000 active publicly accessible server authentication certificates needed to be revoked and replaced as a result of Heartbleed.
In response to instances where a certificate’s private key is either 1) compromised or 2) demonstrated weak, CA/Browser Forum TLS Baseline Requirements dictate revocation must take place within 24 hours. Despite a demonstrated vulnerability, remediation efforts from website operators in response to Heartbleed were slow. Only 14% of affected websites completed the necessary remediation steps within a month of disclosure. About 33% of affected devices remained vulnerable nearly three years after disclosure.
Despite Heartbleed taking place over 10 years ago, the reality remains that at any point in time, a TLS certificate is no more than 24-hours away from required revocation, and based on recent publicly disclosed Web PKI incident reports, it appears that the ecosystem is not yet prepared to respond as necessary.
Peer reviewed research also demonstrates that reduced TLS certificate lifetime improves security. For example, in scenarios where a third party maintains control over a TLS certificate and private key, a shorter certificate lifetime implies a shorter window in which the third party can still use the key when they might no longer be authorized to possess it.
Beyond these unambiguous security needs, reducing TLS certificate lifetime encourages automation and the adoption of practices that will drive the ecosystem away from baroque, time-consuming, and error-prone issuance processes. These changes will allow for faster adoption of emerging security capabilities and best practices. Decreasing certificate lifetime will also reduce ecosystem reliance on “broken” revocation checking solutions that cannot fail-closed and, in turn, offer incomplete protection. Currently, our proposed maximum TLS server authentication subscriber certificate validity is ninety (90) days.
Subordinate CA Certificates
Much like how introducing a term-limit for root CAs allows the ecosystem to take advantage of continuous improvement efforts made by the Web PKI community, the same is true for subordinate CAs. Promoting agility in the ecosystem with shorter subordinate CA lifetimes will encourage more robust operational practices, more closely align relied-upon certificate profiles with modern best practices, reduce ecosystem reliance on specific subordinate CA certificates that might represent single points of failure, and discourage potentially harmful practices like key-pinning. Currently, our proposed maximum subordinate CA certificate validity is three (3) years.