Blockchain/ Distributed Ledger

Recently two different corporations asked me about rotating X.509 certificates every three months. One was told to do so by an external auditor. The other was told by their CA that is the new standard. Has anyone heard the CAs are mandating rotation every three months? Is there an underlying advisory?

Thank you for your consideration.

Cheers,
alex.

------------------------------
Alex Sharpe
Principal
Sharpe42
[email protected]
Co-Chair Philosophy & Guiding Principles Working Group
Co-Chair Organizational Strategy & Governance Working Group
------------------------------

Hi Alex,
It must be related to this announcement from Google regarding the reduction of the maximum possible validity for public TLS certificates from 398 days to 90 days!

------------------------------
Panagiotis Chavariotis
Greece
------------------------------

Original Message:
Sent: Mar 06, 2024 07:30:27 AM
From: Alex Sharpe
Subject: Three Month Certificate Rotation?

Recently two different corporations asked me about rotating X.509 certificates every three months. One was told to do so by an external auditor. The other was told by their CA that is the new standard. Has anyone heard the CAs are mandating rotation every three months? Is there an underlying advisory?

Thank you for your consideration.

Cheers,
alex.

------------------------------
Alex Sharpe
Principal
Sharpe42
[email protected]
Co-Chair Philosophy & Guiding Principles Working Group
Co-Chair Organizational Strategy & Governance Working Group
------------------------------