From d7a4d40d4770921ca5f61237c0025a6eb6786f9d Mon Sep 17 00:00:00 2001 From: shankar0123 Date: Sat, 21 Mar 2026 16:40:51 -0400 Subject: [PATCH] =?UTF-8?q?docs:=20fix=20SC-081v3=20voting=20claim=20?= =?UTF-8?q?=E2=80=94=20not=20unanimous,=20zero=20opposition=20with=205=20a?= =?UTF-8?q?bstentions?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The ballot passed 25-0-5 among CAs and 4-0-0 among browsers. Not unanimous due to 5 CA abstentions (Entrust, IdenTrust, Japan Registry Services, SECOM, TWCA). Co-Authored-By: Claude Opus 4.6 --- docs/concepts.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/concepts.md b/docs/concepts.md index e155f1a..449ca29 100644 --- a/docs/concepts.md +++ b/docs/concepts.md @@ -14,7 +14,7 @@ Think of it like a notarized ID badge for a website. The badge says "I am api.ex Every certificate has an expiration date. This isn't a bug — it's a security feature. Short lifetimes limit the damage if a private key is compromised, and they force organizations to prove they still control their domains. -Certificate lifespans have been shrinking steadily. A decade ago, certificates lasted up to 5 years. Then the CA/Browser Forum — the industry body that sets certificate rules — reduced the maximum to 3 years, then 2 years, then 398 days. In April 2025, they passed Ballot SC-081v3 unanimously, setting a phased reduction to **200 days** (March 2026), **100 days** (March 2027), and **47 days** (March 2029). Let's Encrypt already issues 90-day certificates by default. +Certificate lifespans have been shrinking steadily. A decade ago, certificates lasted up to 5 years. Then the CA/Browser Forum — the industry body that sets certificate rules — reduced the maximum to 3 years, then 2 years, then 398 days. In April 2025, they passed Ballot SC-081v3 with zero opposition (25 CAs in favor, 5 abstentions, all 4 browser vendors in favor), setting a phased reduction to **200 days** (March 2026), **100 days** (March 2027), and **47 days** (March 2029). Let's Encrypt already issues 90-day certificates by default. The trend is clear: shorter lifespans, more frequent renewals, and zero tolerance for manual processes.