Pulse of Truth

1827 readers

28 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago

MODERATORS

krogoth

How Google’s 90-day TLS certificate validity proposal will affect enterprises (www.helpnetsecurity.com)

submitted 2 years ago by lemmydev2 to c/pulse_of_truth

3 comments fedilink hide all child comments

Announced last year, Google’s proposal to reduce the lifespan of TLS (transport layer security) certificates from 13 months to 90 days could be implemented in the near future. It will certainly improve security and shrink the window of opportunity for bad actors to exploit compromised or stolen certificates and private keys. Unfortunately, it will also dramatically increase the time and energy required to manage TLS certificates. For organizations with only a handful of certificates, this … More → The post How Google’s 90-day TLS certificate validity proposal will affect enterprises appeared first on Help Net Security.

you are viewing a single comment's thread
view the rest of the comments

[–] resetbypeer@lemmy.world 5 points 2 years ago

Lets encrypt has this already by default. Managing this means automation but with that you may shift the problem. When automation is done poorly (esp when least privileged access is not done correctly). Hence that IAM is one of the cornerstone's of zero trust.