The CA Browser Forum has passed SC-081, proposed by Apple, Sectio, Google, and Mozilla, limiting the validity of encryption certificates to no more than 47 days within March 2029. This proposal was initiated by Clint Wilson, the engineer overseeing Apple’s root certification authority project. Initially suggesting a 45-day limit, it was amended to 47 days, extending the deadline from 2027 to 2029.
Browser-side voting unanimously agreed, while CAs voted with 25 in favor, 5 abstentions, and no opposing votes. The mandate also includes reducing the owner name validation data usage to just 10 days as originally proposed, without any further modifications.
This decision faced significant opposition on GitHub threads, with widespread disagreements that could potentially impact many organizations still manually installing certificates, including some like Thai banks using Certification Pinning. Frequent certificate changes with pinning could complicate operations further.
Source: CA Browser Forum
TLDR: The CA Browser Forum passed a resolution, limiting certificate validity to 47 days by March 2029, facing opposition due to potential impacts on organizations relying on manual certificate installations and Certification Pinning.
Leave a Comment