PKI News

Updated 13 May 2026 at 11:54 UTC · 85 items from 6 sources · Refreshed daily at 06:00 UTC
Sponsored
Let's Encrypt Blog

The difficulty of making sure your website is broken

Have you ever needed to make sure your website has a broken certificate? While many tools exist to help run an HTTPS server with valid certificates, there aren’t tools to make sure your certificate is revoked or ex…

CABF S/MIME BR

SMC015v2 - mDL Authentication of Individual Identity (#290)

SMC015v2 - mDL Authentication of Individual Identity (#290) * Version * Revision table * References * Attribute collection * Validation of mDL * Numbering fix * Reference update * eIDAS reference * Update eIDAS link * Up…

Let's Encrypt Blog

Six-Day and IP Address Certificates Available in Certbot

This was also posted on EFF’s blog. As we announced earlier this year, Let’s Encrypt now issues IP address and six-day certificates to the general public. The Certbot team at the Electronic Frontier Foundatio…

Let's Encrypt Blog

Shorter Certificate Lifetimes and Rate Limits

As previously announced, over the next two years we will be switching the default certificate lifetime from 90 days to 64 days, and then 45 days. This will ultimately double the number of certificate renewal requests eac…

Let's Encrypt Blog

On the Importance of "Hello" and "Thanks"

In a recent conversation with a Let’s Encrypt subscriber, we asked them to guess how many people work at ISRG, the nonprofit behind Let’s Encrypt (and Prossimo and Divvi Up). Their guess was about 100; they&r…

Let's Encrypt Blog

6-day and IP Address Certificates are Generally Available

Update: March 11, 2026 If you use Certbot, see Six-Day and IP Address Certificates Available in Certbot for details on requesting these certificates. Short-lived and IP address certificates are now generally available fr…

Let's Encrypt Blog

A Note from our Executive Director

This letter was originally published in our 2025 Annual Report. This year was the 10th anniversary of Let’s Encrypt. We’ve come a long way! Today we’re serving more than 700 million websites, issuing te…

Let's Encrypt Blog

10 Years of Let's Encrypt Certificates

On September 14, 2015, our first publicly-trusted certificate went live. We were proud that we had issued a certificate that a significant majority of clients could accept, and had done it using automated software. Of co…

Let's Encrypt Blog

Decreasing Certificate Lifetimes to 45 Days

Let’s Encrypt will be reducing the validity period of the certificates we issue. We currently issue certificates valid for 90 days, which will be cut in half to 45 days by 2028. This change is being made along with the r…

CABF Code Signing

CSC-31: Maximum Validity Reduction (#48) (#51)

CSC-31: Maximum Validity Reduction (#48) (#51) * CSC-31: Maximum Validity Reduction (#48) * Update CSBR.md for proposed validity period change Updating to mostly match ian's original verbiage. However, given that we …

CABF TLS BR

SC092: Sunset use of Precertificate Signing CAs (#630)

SC092: Sunset use of Precertificate Signing CAs (#630) * Sunset precert signing cas (#629) * Update version and revision table * Fix formatting * fix formatting * Change order of effective dates in table 1.2.2. * One mor…

CABF S/MIME BR

v1.0.12 - Ballot SMC014 (#285)

v1.0.12 - Ballot SMC014 (#285) The Intellectual Property Review (IPR) period for Ballot SMC014 (DNSSEC for CAA) has completed. No IPR Exclusion Notices were filed, and the ballot is adopted as of October 13, 2025.

Let's Encrypt Blog

Ten Years of Community Support

Seth Schoen was an early contributor to Let's Encrypt through his work at the Electronic Frontier Foundation. He's also one of the longest standing participants in the Let's Encrypt community support forum, so we asked h…

Let's Encrypt Blog

ACME Renewal Information (ARI) Published as RFC 9773

Let’s Encrypt has been proud to work with the IETF to maintain ACME as an open standard since we first developed the technology a decade ago. We’re happy to announce that IETF has published our latest additio…

Let's Encrypt Blog

Native ACME Support Comes to NGINX

NGINX and Let's Encrypt share a common vision of an open and secure web. Now, with built-in support for ACME, the world's most popular web server, reverse proxy and ingress controller for Kubernetes can simplify certific…

CABF TLS BR

SC-089: Mass Revocation Planning (#611)

SC-089: Mass Revocation Planning (#611) * SC-089: Mass Revocation Planning (#610) * Initial draft of 5.7.1.2 Here is an initial draft of a proposal to add section 5.7.1.2 to the TLS Baseline Requirements. See Issue #602 …

CABF S/MIME BR

v1.0.11 - Ballot SMC013 (#284)

v1.0.11 - Ballot SMC013 (#284) This text introduces specifications for the use of two post-quantum cryptography (PQC) algorithms, as standardized by the U.S. National Institute of Standards and Technology (NIST), in the …

Let's Encrypt Blog

End of Life Plan for RFC 6962 Certificate Transparency Logs

Update, August 18, 2025 We have updated the read-only and shutdown dates to ensure that our new Static CT API logs are fully trusted by browsers before switching Oak to read-only in order to avoid any disruption. Let’s E…

CABF S/MIME BR

v1.0.10 - Ballot SMC012 (#282)

v1.0.10 - Ballot SMC012 (#282) This text introduces a new method for validation of mailbox control, using ACME for S/MIME as defined in RFC 8823: Extensions to Automatic Certificate Management Environment for End-User S/…

Mozilla Security Blog

Firefox Security Response to pwn2own 2025

At Mozilla, we consider security to be a paramount aspect of the web. This is why not only does Firefox have a long running bug bounty program but also mature … Read more The post Firefox Security Response to pwn2o…

CABF S/MIME BR

v1.0.9 - Ballot SMC011 (#272)

v1.0.9 - Ballot SMC011 (#272) * Date * Add EUID Definition * 7.1.4.2.2 (d) add note 4 * Appendix A.1 update * Minor * Revision table * Minor update to Definition * Reconfigure Note 4 * Minor format Note 4 * Minor format …

Mozilla Security Blog

Updated GPG key for signing Firefox Releases

The GPG key used to sign the Firefox release manifests is expiring soon, and so we’re going to be switching over to a new signing subkey shortly. The GPG fingerprint … Read more The post Updated GPG key for signing…

Mozilla Security Blog

Behind the Scenes: Fixing an In-the-Wild Firefox Exploit

At Mozilla, browser security is a critical mission, and part of that mission involves responding swiftly to new threats. Tuesday, around 8 AM Eastern time, we received a heads-up from … Read more The post Behind th…

CABF Code Signing

CSC-26: Timestamping Private Key Protection (#34)

CSC-26: Timestamping Private Key Protection (#34) * Timestamp Certificate, SubCA and Key restrictions * Add log and witness requirements for key destruction * Add effective dates * Typo correction * Align date format * U…

Mozilla Security Blog

Firefox will upgrade more Mixed Content in Version 127

Most of the web already supports HTTPS: In fact, 93% of requests made by Firefox are already HTTPS. As a reminder, HTTP over TLS (HTTPS) fixes the security shortcoming of HTTP … Read more The post Firefox will upgr…

Mozilla Security Blog

Rapidly Leveling up Firefox Security

At Mozilla, we believe in an open web that is safe to use. To that end, we improve and maintain the security of people using Firefox around the world. This … Read more The post Rapidly Leveling up Firefox Security …

CABF Code Signing

CSC-22: High risk changes (#31)

CSC-22: High risk changes (#31) * Restore EV guidelines version reference * Capitalize "MUST NOT" (#19) * Assign ballot number, fix ballot name * High risk ballot draft language * Restore and tweak reference to…

CABF Code Signing

CSC-21: Improved signing services requirements (#12)

CSC-21: Improved signing services requirements (#12) * Fix typos * Prepare final copy assuming IPR review is clean * Import of Word doc changes to Git * Clarify that SSs are not DTPs in 8.1 * Update may to MAY * Integrat…

CABF Code Signing

Bump actions/upload-artifact from 3 to 4 (#32)

Bump actions/upload-artifact from 3 to 4 (#32) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](h…

CABF Code Signing

CSC-20 (#30)

CSC-20 (#30) * Restore EV guidelines version reference * Capitalize "MUST NOT" (#19) * Assign ballot number, fix ballot name * Add effective date

Mozilla Security Blog

Mozilla VPN Security Audit 2023

To provide transparency into our ongoing efforts to protect your privacy and security on the Internet, we are releasing a security audit of Mozilla VPN that Cure53 conducted earlier this … Read more The post Mozill…

Mozilla Security Blog

Version 2.9 of the Mozilla Root Store Policy

Online security is constantly evolving, and thus we are excited to announce the publication of MRSP version 2.9, demonstrating that we are committed to keep up with the advancement of … Read more The post Version 2…

CABF Code Signing

Bump actions/checkout from 3 to 4 (#27)

Bump actions/checkout from 3 to 4 (#27) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/…

Mozilla Security Blog

Updated GPG key for signing Firefox Releases

The GPG key used to sign the Firefox release manifests is expiring soon, and so we’re going to be switching over to new key shortly. The new GPG fingerprint is … Read more The post Updated GPG key for signing Firef…

Mozilla Security Blog

Upgrading Mozilla’s Root Store Policy to Version 2.8

In accordance with the Mozilla Manifesto, which emphasizes the open development of policy that protects users’ privacy and security, we have worked with the Mozilla community over the past several … Read more The p…

Sources: mozilla.dev.security.policy  ·  CA/Browser Forum (TLS, S/MIME, Code Signing)  ·  IETF LAMPS WG  ·  Mozilla Security Blog  ·  Let's Encrypt Blog  ·  Mozilla CA Incidents