Google to tighten SSL certificate security policies

By
Follow google news

In a year.

Google will enforce its Certificate Transparency initiative next October, expecting site credentials to comply with its policies in order to to be trusted by the popular Chrome web browser.

Google to tighten SSL certificate security policies

The Certificate Transparency initiative aims to sort out structural flaws in the Secure Sockets Layer/Transport Layer Security (SSL/TLS) crypto system.

Chrome is currently the world's most popular web browser, with over a half of the globe's internet users favouring it over Microsoft's Internet Explorer, Mozilla Firefox and other browsers.

Google engineer Ryan Sleevi announced the policy update on an internet forum.

"This is a significant step forward in the online trust ecosystem. The investments made by CAs adopting CT, and Chrome requiring it in some cases, have already paid tremendous dividends in providing a more secure and trustworthy internet," Sleevi said.

"The use of Certificate Transparency has profoundly altered how browsers, site owners, and relying parties are able to detect and respond to misissuance, and importantly, gives new tools to mitigate the damage caused when a CA no longer complies with community expectations and browser programs."

Sites not compliant with the Certificate Transparency initiative will be flagged by Chrome as dangerous and blocked by an interstitial. This includes sites that use stolen, misconfigured or otherwise incorrect certificates.

The online giant pointed to a Malaysian certificate authority mistakenly issuing 22 weak SSL certificates that could be used to impersonate sites as an example of the need for the change in policy.

Similarly, it noted that TrustWave had issued subordinate credentials of root certificates, allowing a customer to monitor internet traffic through a man in the middle attack.

Add iTnews as your trusted source

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

JB Hi-Fi Group finds new cyber security leader

JB Hi-Fi Group finds new cyber security leader

Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases

Toll Group puts third-party risk at centre of AI-era data security

Toll Group puts third-party risk at centre of AI-era data security

How Monash University is tackling the AI-driven app security gap

How Monash University is tackling the AI-driven app security gap

Log In

  |  Forgot your password?