Ballot SC 22’s failure highlights the dysfunction at the CA/Browser Forum.
For now, at least, SSL/TLS certificates will still have a maximum validity period of two years (or 27 months). The CA/Browser Forum Ballot that sought to shorten the maximum lifespan of SSL/TLS certificates to one year failed when the voting ended yesterday afternoon. The final tally was 20 opposed, 18 in favor and two abstentions. The vote wasn’t that close though, it fell well short of what was needed to pass from the Certificate Authorities.
This is now the second time the initiative to shorten certificate validity to a single year has been rejected. The last time shortening validity was discussed, two years was the compromise. This time around the only compromise extended to the CAs was delaying the ballot’s effective date back a month, from March to April 2020.
Citing business disruptions and the pain points of their customers, as well as 4,000 customer survey aggregate results from three CAs showing website owners opposed the change by 83%, the CAs voted down this measure by a count of 20-11. The seven browser vendors joined in supporting the ballot, but ultimately it didn’t matter on account of the CA vote.
But while that might seem like it’s the whole story – it’s really just scraping the surface. This process laid bare the CA/B Forum’s flaws and likely deepened the divide between the browsers and the CAs. So, today we’re going to discuss the ballot, the CA/B Forum and the absolute breakdown in civility that’s unfolding right now in this industry. Then we’ll talk about what needs to change to fix it.
Let’s hash it out.
The post SSL Certificates: One Year Max Validity Ballot Fails at the CA/B Forum appeared first on Hashed Out by The SSL Store™.
This post first appeared on Https://www.thesslstore.com/blog/how-to-view-ssl-certificate-details-in-chrome-56/, please read the originial post: here