Comment by cpach

1 day ago

It’s capped to 15 years.

In another comment someone linked to a document from the Chrome team.

Here’s a quote that I found interesting:

“In Chrome Root Program Policy 1.5, we landed changes that set a maximum ‘term-limit’ (i.e., period of inclusion) for root CA certificates included in the Chrome Root Store to 15 years.

While we still prefer a more agile approach, and may again explore this in the future, we encourage CA Owners to explore how they can adopt more frequent root rotation.”

https://googlechrome.github.io/chromerootprogram/moving-forw...

1 comment

cpach

nickf 8 hours ago

It’ll be 5 years soon.