Six Colors Icon

Six Colors

Six Colors provides daily coverage of Apple, other technology companies, and the intersection of technology and culture. Its founder and editor in chief is Jason Snell.
sixcolors.com • 2 Stories
All Sources

Six Colors Icon Six Colors

Safari will reject long-lived HTTPS certificates starting September 1

Dan Moren writing for Six Colors:

News out of last week’s meeting of the CA/Browser Forum is that Apple has announced Safari will no longer accept HTTPS certificates older than about 13 months, as of September 1.

The rationale? Shorter certificate lifetimes are safer, for a variety of reasons. For one thing, it prevents a valid (and perhaps abandoned) certificate from being stolen or misappropriated by a bad actor, then used to trick consumers. While there is a process for revoking known bad certificates, it’s cumbersome and many browsers don’t even check the revocation lists.

This may be annoying to many of us in the short-term (our certificate here at changelog.com is a few years old), but it’s a good thing for the security of the web. Suddenly, Let’s Encrypt’s 90 day expirations look both prudent and prescient.

0:00 / 0:00