February, 2025
PKI and cryptography news from the shortest month of this year
What is cryptography but some random numbers mixed with drama? February is the shortest month of the year, but you wouldn’t know it looking at the long list of news and happenings from the month.
Big News
The discussion on reduced certificate validity periods continues at the CA/Browser Forum. The latest update to draft ballot SC-81 delays the rollout of the maximum certificate validity period of 47 days from 2028 to 2029. Meanwhile, a good, old-fashioned Internet flamewar continues in the comments section of the GitHub pull request for the ballot.
Chrome has released version 1.6 of the Chrome Root Program Policy. Generally updates of this nature would not be Big News, but this update is quite impactful, as it sunsets the use of the clientAuth EKU in the WebPKI in June of 2026. As a result, Chrome will no longer distribute root certificates to be used for TLS client authentication, and CAs will need to adjust their issuance to ensure that their existing (and new) root CAs do not violate the new policy. In other words, if you use mTLS with certificates from publicly trusted CAs, expect to make some big changes soon.
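As an added check (example code, not from the newsletter or the Chrome Root Program), the Python below decodes the DER value of a certificate's ExtendedKeyUsage extension and flags the clientAuth purpose (OID 1.3.6.1.5.5.7.3.2) that the policy sunsets; it parses only the extension value, not a whole certificate, and the sample bytes are constructed here for the demonstration.

```python
# Added example: inspect an X.509 ExtendedKeyUsage value for clientAuth.
# Input is the contents of the extension's OCTET STRING, i.e. the
# ExtKeyUsageSyntax SEQUENCE OF OBJECT IDENTIFIER, as raw DER bytes.
SERVER_AUTH = "1.3.6.1.5.5.7.3.1"
CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"

# Constructed sample values (not taken from any real certificate):
# SEQUENCE { serverAuth, clientAuth } and SEQUENCE { serverAuth } only.
SAMPLE_BOTH = bytes.fromhex("3014" "06082b06010505070301" "06082b06010505070302")
SAMPLE_SERVER_ONLY = bytes.fromhex("300a" "06082b06010505070301")

def _read_length(buf, pos):
    """Decode a DER length at buf[pos]; return (length, offset after it)."""
    first = buf[pos]
    if first < 0x80:                      # short form
        return first, pos + 1
    n = first & 0x7F                      # long form: n length bytes follow
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def _decode_oid(body):
    """Turn the contents of an OBJECT IDENTIFIER into dotted-decimal form."""
    arcs, value = [], 0
    for b in body:                        # base-128, high bit = continuation
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    first = arcs[0]                       # first byte packs the first two arcs
    head = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    return ".".join(str(a) for a in head + arcs[1:])

def eku_purposes(ext_value):
    """Return the dotted OIDs listed in an ExtKeyUsageSyntax SEQUENCE."""
    if not ext_value or ext_value[0] != 0x30:
        raise ValueError("ExtKeyUsage must be a DER SEQUENCE")
    seq_len, pos = _read_length(ext_value, 1)
    end, oids = pos + seq_len, []
    while pos < end:
        if ext_value[pos] != 0x06:
            raise ValueError("expected OBJECT IDENTIFIER inside ExtKeyUsage")
        oid_len, pos = _read_length(ext_value, pos + 1)
        oids.append(_decode_oid(ext_value[pos:pos + oid_len]))
        pos += oid_len
    return oids

def allows_client_auth(ext_value):
    """True if the extension grants the clientAuth purpose Chrome is sunsetting."""
    return CLIENT_AUTH in eku_purposes(ext_value)
```

Run `allows_client_auth` over the EKU value of each root, intermediate and leaf in a publicly trusted chain used for mTLS to find what will need to change before June 2026.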
Not strictly related to PKI, but the hack of Bybit by the Lazarus Group is Big News merely due to the size of the heist: nearly $1.5 billion USD, which makes it the largest cryptocurrency heist so far. Although Bybit used multi-signatures to sign the transaction to move funds from its cold wallet, the user interface was compromised to display incorrect information regarding the destination wallet addresses.
PQC Isn’t Your Migration from SHA-1
Microsoft announced that their quantum computing chip, Majorana 1, is revolutionary in that it is built on topological superconductors, which harness a new state of matter for computation. Microsoft says that this novel method can be used to build a quantum processor with millions of qubits that can fit in the palm of your hand.
The Chinese Institute of Commercial Cryptography Standards has announced their PQC standardization program with a call for proposals. Notably, the program will only accept submissions that have not been submitted to other programs.
NIST is soliciting feedback on its proposal for additional parameter sets for SLH-DSA. SLH-DSA, which was standardized in FIPS 205, is a PQC signature algorithm that boasts small private key sizes, but with very large signatures. The proposed additional parameter sets will reduce the signature size at the cost of reducing the maximum number of signings that a given SLH-DSA key can perform.
For the PKI Propellerheads
Let’s Encrypt has issued their first certificate with a 6-day validity period. The certificate still contains a pointer to the OCSP responder, which allowed Let’s Encrypt to immediately revoke the certificate after issuance.
Firefox has included support for checking certificates for inclusion in Certificate Transparency logs. As of now, the Certificate Transparency policy for Firefox mirrors Google’s policy, so there should be no unfortunate surprises of certificates breaking because the two policies are out of sync. The Android team has released some documentation on CT support landing in Android 16.
The Chrome team has announced that they will start enrolling Certificate Transparency logs that are based on the Sunlight specification. The Sunlight specification has significant operational and performance advantages over existing Certificate Transparency log implementations.
A draft specifying how website owners can signal which trust stores issue certificates for their website has been adopted by the TLS working group at IETF. This draft, known as Trust Anchor Identifiers, is the evolution of the Trust Expressions draft, which received much commentary last year. These drafts are highly controversial, as a number of people believe they will only serve to fracture the Internet. The draft Trust is Non-negotiable provides a thorough treatment of the potential shortcomings of the Trust Anchor Identifiers draft.
A high-severity vulnerability in OpenSSL that could cause a TLS client connecting to a TLS server that uses raw public keys for authentication to incorrectly trust the server has been patched. The patch resolves an issue where, if server authentication fails, no alert is raised to make the TLS handshake fail. As a result, the TLS handshake succeeds and the client is unaware that the connection is insecure.
For the Policy Wonks
The debate over the future of QWACs (Qualified Website Authentication Certificates) rages on in Europe. ETSI has recently published TS 119 411-5, which defines the implementation of QWACs both as a single certificate as well as a 2-certificate solution.
Mozilla has published version 3.0 of their Root Certificate Program Policy. Notably, section 6.1.3 outlines new guidance and obligations for CAs in preparing for mass revocation events. There were many delayed revocation events in the Web PKI in 2024, and this new policy aims to reduce the number of these events by requiring that CAs develop plans to ensure they can quickly replace certificates and comply with the revocation timelines mandated by the CA/Browser Forum.