[Cryptography] Apple's 13-month certificate policy

Henry Baker hbaker1 at pipeline.com
Sat Feb 22 12:04:02 EST 2020


FYI --

https://www.theregister.co.uk/2020/02/20/apple_shorter_cert_lifetime/

Apple drops a bomb on long-life HTTPS certificates:
Safari to snub new security certs valid for more than 13 months

Keep your crypto below 398 days after September 1 and you're all good

By Shaun Nichols in San Francisco 20 Feb 2020 at 23:20

Safari will, later this year, no longer accept new HTTPS certificates
that expire more than 13 months from their creation date.

That means websites using long-life SSL/TLS certs issued after the
cut-off point will throw up privacy errors in Apple's browser.

The policy was unveiled by the iGiant at a Certification Authority
Browser Forum (CA/Browser) meeting on Wednesday. Specifically,
according to those present at the confab, from September 1, any new
website cert valid for more than 398 days will not be trusted by the
Safari browser and instead rejected. Older certs, issued prior to the
deadline, are unaffected by this rule.

By implementing the policy in Safari, Apple will, by extension,
enforce it on all iOS and macOS devices. This will put pressure on
website admins and developers to make sure their certs meet Apple's
requirements – or risk breaking pages on a billion-plus devices and
computers.

Tim Callan, a senior fellow at PKI and SSL management firm Sectigo,
who attended this week's meeting in Slovakia, told The Register: "This
week Apple announced at the 49th CA/Browser Forum Face-to-Face that it
will limit the term of accepted TLS certificates to 398 days as of
September 1, 2020. Certificates issued on or after that date with term
beyond 398 days will be distrusted in Apple products.

"Certificates issued prior to September 1 will have the same
acceptable duration as certificates do today, which is 825 days. No
action is required for these certificates."

Cutting certificate lifetimes has been mulled by Apple, Google, and
other members of CA/Browser for months. The policy has its benefits
and drawbacks.

The aim of the move is to improve website security by making sure devs
use certs with the latest cryptographic standards, and to reduce the
number of old, neglected certificates that could potentially be stolen
and re-used for phishing and drive-by malware attacks. If boffins or
miscreants are able to break the cryptography in an SSL/TLS standard,
short-lived certificates will ensure people migrate to more secure
certs within roughly a year.

Shortening the lifespan of certificates does come with some
drawbacks. It has been noted that by increasing the frequency of
certificate replacements, Apple and others are also making life a
little more complicated for site owners and businesses that have to
manage the certificates and compliance.

"Companies need to look to automation to assist with certificate
deployment, renewal, and lifecycle management to reduce human overhead
and the risk of error as the frequency of certificate replacement
increases," Callan told us.

We note Let's Encrypt issues free HTTPS certificates that expire after
90 days, and provides tools to automate renewals, so those will be
just fine – and they are used all over the web now. El Reg's cert is a
year-long affair so we'll be OK.

GitHub.com uses a two-year certificate, which would fall foul of
Apple's rules had it been issued after the cut-off deadline; as it
stands it predates the deadline and is exempt. It is due to be renewed
by June anyway, so there's plenty of opportunity to sort that out.
Apple's website has a year-long HTTPS cert that needs renewing in
October.

Microsoft is an interesting one: its dot-com's cert is a two-year
affair, which expires in October. If Redmond renews it for another two
years, it'll trip up over Safari's policy.

No public announcement has been made by Apple, it seems. Digicert's
Dean Coclin has issued a memo about the policy:

"Why did Apple unilaterally decide to enforce a shorter certificate
lifetime?" Coclin pondered.

"Their spokesperson said it was to 'protect users.' We know from prior
CA/B Forum discussions that longer certificate lifetimes proved to be
challenging in replacing certificates, in the case of a major security
incident. Apple clearly wants to avoid an ecosystem that cannot
quickly respond to major certificate-related threats.

"Short-lived certificates improve security because they reduce the
window of exposure if a TLS certificate is compromised. They also help
remediate normal operational churn within organizations by ensuring
yearly updates to identity such as company names, addresses and active
domains. As with any improvement, shortening of lifetimes should be
balanced against the hardship required of certificate users to
implement these changes."

Apple declined to comment.
---------------------------------------------------------

I don't get it.

Either certificate revocation works or it doesn't.

If it doesn't, then we're going to need "TTLs" just
like IP packets, and 13 months does nothing at all.

If revocation works, then 2 years (or 4 years) still
works just fine.

If some math genius solves integer factoring or
finite field logarithms, then 13 months isn't going
to help.  Ditto for quantum.

I still don't get what Apple is trying to accomplish.
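An added example for this thread, not part of the forwarded Register article and not Apple's or the poster's code: the article gives a rule (issued on or after 1 September 2020 and valid for more than 398 days means distrusted; earlier certs keep the old 825-day cap), so here is that rule applied to the notBefore/notAfter fields exactly as Python's `ssl.getpeercert()` returns them. The sample certificates are constructed for the example, and the way partial days are rounded up is an assumption of this code, not something the article states.

```python
"""Check TLS leaf certificate lifetimes against Apple's 398-day policy.

Policy numbers (398 days, 825 days, 2020-09-01) come from the article
above; everything else here is illustrative scaffolding.
"""
import socket
import ssl
from datetime import datetime, timezone

# Issuance on or after this instant triggers the new limit (per the article).
APPLE_CUTOFF = datetime(2020, 9, 1, tzinfo=timezone.utc)
APPLE_MAX_DAYS = 398        # "13 months" for certs issued on/after the cutoff
PRE_CUTOFF_MAX_DAYS = 825   # the cap the article says applied before the cutoff


def _parse(cert_time: str) -> datetime:
    """Parse a 'notBefore'/'notAfter' string such as 'Feb 20 23:20:00 2020 GMT'.

    ssl.cert_time_to_seconds is the stdlib parser for exactly this format.
    """
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), tz=timezone.utc)


def lifetime_days(not_before: str, not_after: str) -> int:
    """Validity period in whole days.

    ASSUMPTION: any partial trailing day counts as a full day, so a cert that
    is 398 days plus one second long is treated as 399 days. Apple's exact
    counting convention is not given in the article.
    """
    span = _parse(not_after) - _parse(not_before)
    days, remainder = divmod(span.total_seconds(), 86400)
    return int(days) + (1 if remainder > 0 else 0)


def safari_status(cert: dict) -> dict:
    """Apply the article's rule to one getpeercert()-style dict."""
    not_before, not_after = cert["notBefore"], cert["notAfter"]
    days = lifetime_days(not_before, not_after)
    new_rule = _parse(not_before) >= APPLE_CUTOFF
    limit = APPLE_MAX_DAYS if new_rule else PRE_CUTOFF_MAX_DAYS
    return {
        "days": days,
        "limit": limit,
        "rule": "apple-398" if new_rule else "pre-cutoff-825",
        "trusted": days <= limit,
    }


def fetch_peer_cert(host: str, port: int = 443) -> dict:
    """Pull a live server's cert in the same dict shape (not used offline)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample certificates (hypothetical dates, chosen to hit the
# cases the article describes; they are not real certificates).
SAMPLE_CERTS = {
    # Two-year cert issued before the cutoff: exempt, like the GitHub case.
    "two-year-before-cutoff": {"notBefore": "May 05 00:00:00 2020 GMT",
                               "notAfter": "May 05 00:00:00 2022 GMT"},
    # Two-year cert issued after the cutoff: the Microsoft-renewal scenario.
    "two-year-after-cutoff": {"notBefore": "Oct 01 00:00:00 2020 GMT",
                              "notAfter": "Oct 01 00:00:00 2022 GMT"},
    # Exactly 398 days, issued at the cutoff instant: passes.
    "boundary-398": {"notBefore": "Sep 01 00:00:00 2020 GMT",
                     "notAfter": "Oct 04 00:00:00 2021 GMT"},
    # One second longer than 398 days: rounds up to 399 and fails.
    "boundary-399": {"notBefore": "Sep 01 00:00:00 2020 GMT",
                     "notAfter": "Oct 04 00:00:01 2021 GMT"},
    # 90-day Let's Encrypt-style cert: comfortably inside the limit.
    "ninety-day": {"notBefore": "Sep 15 12:00:00 2020 GMT",
                   "notAfter": "Dec 14 12:00:00 2020 GMT"},
}


def classify_all(certs: dict = SAMPLE_CERTS) -> dict:
    """Map each sample name to its policy verdict."""
    return {name: safari_status(cert) for name, cert in certs.items()}


if __name__ == "__main__":
    for name, verdict in classify_all().items():
        flag = "OK " if verdict["trusted"] else "BAD"
        print(f"{flag} {name}: {verdict['days']}d vs {verdict['limit']}d ({verdict['rule']})")
```

The boundary pair is the part worth keeping around: whether a cert that is 398 days and one second long is "more than 398 days" depends on how the validity window is counted, so anyone scripting an inventory check should decide that rounding rule deliberately rather than inherit it from whichever library they happen to use.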



More information about the cryptography mailing list