According to a new report, Apple wants to increase security in Safari. According to the report, Apple plans to encourage website operators to update certificates more frequently.
According to a new report from The Register, Apple has announced a change in safari According to the report, users will be warned from September 1, 2020 if a website they visit uses a TLS/SSL certificate that has been in existence for more than 13 months. It does not matter whether the certificate is still valid. In such a case, the website will be marked within Safari. But what is the purpose of this change? According to the report, Apple wants to ensure that websites use the latest available certificates and technologies. There are websites that renew the necessary certificate every two or three years, for example. In doing so, they run the risk of using outdated technology. This is what the report:
The goal of the move is to improve website security by ensuring that developers use certificates with the latest cryptographic standards and to reduce the number of old, neglected certificates that could potentially be stolen and reused for phishing and drive-by malware attacks. If criminals manage to break the cryptography of an SSL/TLS standard, short-lived certificates ensure that people switch to more secure certificates within about a year.
Some companies have to adapt their policies
Of course, this all sounds interesting for Safari users. But not everyone is enthusiastic about Apple's plan. SSL management company Sectigo warned The Register of negative consequences. For example, the frequent updating of certificates increases the likelihood that something will go wrong. The report states:
Organizations must strive for automation to support certificate adoption, renewal and lifecycle management to reduce human effort and risk of errors as the frequency of certificate exchange increases.
There are companies that only update their SSL certificate every two years, for example. One such company is Microsoft. If the company maintains this policy, it will cause problems in the long run.
The purpose of SSL certificates
Not everyone is familiar with the so-called SSL certificate. So here is a brief explanation. The well-known "HTTPS" is a secure version of the web protocol "HTTP". This means that "HTTPS" ensures encrypted communication between the visitor and the respective server. Such an SSL certificate basically protects users from "man in the middle" attacks because the data traffic is encrypted. If a website only used HTTP, data such as user names and passwords would be visible in plain text. So when a website is opened, the browser (in this case Safari) checks whether the website has a valid security certificate. If this is not the case, a warning appears. After additional confirmation, the respective website can still be opened - but this is not recommended. (Photo by Senir Design / Bigstockphoto)
