Abstract
Short-lived certificates (SLC) are a comparatively new approach to improving software systems' security, performance, and effectiveness. A typical certificate's validity period can range from 12 months to multiple years. Short-lived certificates dramatically reduce the validity period to months, sometimes days, and, in some situations, even hours. By reducing the validity period, they minimize the scope of damage if the private key is ever compromised. This paper examines the benefits of short-lived certificates, which include but are not limited to improved security posture and reduced reliance on certificate revocation infrastructure and mechanisms. We will discuss the automation and infrastructure changes that made this new approach practical. We will explore methods of implementing such a system at scale. We will analyze the trade-offs between security, reliability, performance, and operational complexity. We will additionally cover the network and infrastructure changes that might be necessary for a reliable implementation of short-lived certificate infrastructure.