The CA/Browser Forum has officially voted to amend the TLS Baseline Requirements to set a schedule for shortening both the lifetime of TLS certificates.
End users should start getting used to that expired certificate warning in their browser of choice and the process to tell it to continue to the site anyway.
We already have a lot of this, and it’s definitely gonna get worse. Is a security dance so convoluted that people are used to others just messing up really an effective process?
Given the biggest breaches were caused by default passwords and misconfigured S3 outhouses, are we focusing on the right stuff today?
We already have a lot of this, and it’s definitely gonna get worse. Is a security dance so convoluted that people are used to others just messing up really an effective process?
Given the biggest breaches were caused by default passwords and misconfigured S3 outhouses, are we focusing on the right stuff today?