The landscape of web public key infrastructure (PKI) is changing and updating to become more faster, nimble, and resilient.
Why should the security engineer care? It helps shorten compromise recovery times and allows you to focus on the rest of the investigation. With the passing of Ballot SC-063 in the CA/Browser forum, this positioned TLS certificates to be more resistant to malicious key control from 90 days to 10 days (and eventually 7 days).
This change ,paired with updated ways to store certificate transparency (CT) logs and manage certificates, enables network defenders and security engineers to narrow triage periods, have more options for automation, and have more confidence in the transport security of their ever growing networks.
