The CA/Browser Forum has officially voted to amend the TLS Baseline Requirements to set a schedule for shortening both the lifetime of TLS certificates.
Security, a malicious individual could mitm or impersonate another server when the private key is leaked. Reducing the timespan from the current 398 days reduces the amount of time compromised certificates can be used. It is possible to revoke certificates, but I think this is for cases when devices are unable to receive those messages.
But why
Security, a malicious individual could mitm or impersonate another server when the private key is leaked. Reducing the timespan from the current 398 days reduces the amount of time compromised certificates can be used. It is possible to revoke certificates, but I think this is for cases when devices are unable to receive those messages.
Ah thanks for explaining. Now it makes sense