Why do you think so? A certificate is essentially a password that proves your identity and rotating it faster is to ensure it stops doing that if someone steals your password.
Short certificate lifetimes address the fact that TLS certificate revocation doesn't work. Password rotation --- which is no longer a NIST recommendation! --- addresses the concern that long-term secrets eventually leak. You can intuitively see how different the problem domains are from the fact that certificate lifetimes are far shorter than even the old NIST password rotation rules were, despite the fact that certificates are all stored securely relative to passwords.
But whether that's intuitive for you or not, the fact remains: short-lifetime automated certificate provisioning is a response to revocation.
I do see your position re: passwords tend to successfully be canceled and certificates tend to not. But I would certainly argue that the downsides of rotation on user behavior and technical security design are quite costly. They remove a lot of the opportunity for risk-based authentication (like TOFU) and require people set up fragile automations capable of generating keys that claim to be them. And every certificate warning that isn't due to a real security problem creates alert fatigue that makes certificate errors seen as spurious.
I think short certificate lifetimes will be viewed in the relatively short future as misguided as the old NIST recommendation on passwords.
> Password rotation used to be considered a gold standard strategy for security, until people realized not only did it make everything harder, it also encouraged people to choose less secure passwords and was largely self-defeating.
Even if we ignore the fact that certificates are not a secret, and that expiry applies to certificates, not private keys, a major difference is that humans don’t mentally generate or manually type TLS keys or certificates. So the negative impact of rotation on user experience and behavior is entirely absent.
I was drastically oversimplifying by calling certificates a password. But the point actually does definitely stand: In the long-lived certificate days, you'd keep your CAs and such offline, and generally speaking, highly secured. Now you have to give your automations everywhere everything they need to constantly generate keys that claim to be your site. People are pushed to make drastically less secure choices about how they generate certificates because it needs to happen so often. A lot like adding a 1 on your last password. ;)
Also, short lifetime certificates help deprogram concern about certificate warnings (most nontechnical users know to ignore them, as a network admin, I've never seen a certificate warning that was actually due to a compromise... so I also ignore them all), which leads to hypothetically much less safe behavior than if certificate warnings only happened when rational.
Which is to say, if you believe a certificate that expired yesterday should result in a scare screen to users or worse with HSTS, interfering with the ability to access it all, you failed security 101.
Why do you think so? A certificate is essentially a password that proves your identity and rotating it faster is to ensure it stops doing that if someone steals your password.
Short certificate lifetimes address the fact that TLS certificate revocation doesn't work. Password rotation --- which is no longer a NIST recommendation! --- addresses the concern that long-term secrets eventually leak. You can intuitively see how different the problem domains are from the fact that certificate lifetimes are far shorter than even the old NIST password rotation rules were, despite the fact that certificates are all stored securely relative to passwords.
But whether that's intuitive for you or not, the fact remains: short-lifetime automated certificate provisioning is a response to revocation.
I do see your position re: passwords tend to successfully be canceled and certificates tend to not. But I would certainly argue that the downsides of rotation on user behavior and technical security design are quite costly. They remove a lot of the opportunity for risk-based authentication (like TOFU) and require people set up fragile automations capable of generating keys that claim to be them. And every certificate warning that isn't due to a real security problem creates alert fatigue that makes certificate errors seen as spurious.
I think short certificate lifetimes will be viewed in the relatively short future as misguided as the old NIST recommendation on passwords.
6 replies →
> Password rotation used to be considered a gold standard strategy for security, until people realized not only did it make everything harder, it also encouraged people to choose less secure passwords and was largely self-defeating.
Even if we ignore the fact that certificates are not a secret, and that expiry applies to certificates, not private keys, a major difference is that humans don’t mentally generate or manually type TLS keys or certificates. So the negative impact of rotation on user experience and behavior is entirely absent.
I was drastically oversimplifying by calling certificates a password. But the point actually does definitely stand: In the long-lived certificate days, you'd keep your CAs and such offline, and generally speaking, highly secured. Now you have to give your automations everywhere everything they need to constantly generate keys that claim to be your site. People are pushed to make drastically less secure choices about how they generate certificates because it needs to happen so often. A lot like adding a 1 on your last password. ;)
Also, short lifetime certificates help deprogram concern about certificate warnings (most nontechnical users know to ignore them, as a network admin, I've never seen a certificate warning that was actually due to a compromise... so I also ignore them all), which leads to hypothetically much less safe behavior than if certificate warnings only happened when rational.
Which is to say, if you believe a certificate that expired yesterday should result in a scare screen to users or worse with HSTS, interfering with the ability to access it all, you failed security 101.