In February 2020 at the CA/Browser Forum in Bratislava, Slovakia (and later officially), Apple has announced that starting September 1st, 2020, maximum TLS certificate lifetime in Safari (and probably in the whole macOS and iOS and all apps) will be just 1 year, 398 days exactly. Apple's change has been followed by both Chrome and Mozilla later that year. That's very good news. But why?
Magical properties are often attributed to the padlock icon 🔒 which marks “secure” pages. For example, you'll often hear that the icon indicates trustworthy websites that won't abuse your data and passwords. The padlock is gradually being removed and that's a Good Thing™. But why?
Chrome started marking all HTTP websites as Not secure yesterday (on my birthday, what a gift!) with their release of Chrome 68. The treatment is not a red warning yet, just a gray (i)
. And there's a lot of busy czech websites getting that treatment. And how did we get here anyway and what's next?