Google to tighten SSL certificate security policies

In a year.

Google will enforce its Certificate Transparency initiative next October, expecting site credentials to comply with its policies in order to be trusted by the popular Chrome web browser.

The Certificate Transparency initiative aims to sort out structural flaws in the Secure Sockets Layer/Transport Layer Security (SSL/TLS) crypto system.

Chrome is currently the world's most popular web browser, with over half of the globe's internet users favouring it over Microsoft's Internet Explorer, Mozilla Firefox and other browsers.

Google engineer Ryan Sleevi announced the policy update on an internet forum.

"This is a significant step forward in the online trust ecosystem. The investments made by CAs adopting CT, and Chrome requiring it in some cases, have already paid tremendous dividends in providing a more secure and trustworthy internet," Sleevi said.

"The use of Certificate Transparency has profoundly altered how browsers, site owners, and relying parties are able to detect and respond to misissuance, and importantly, gives new tools to mitigate the damage caused when a CA no longer complies with community expectations and browser programs."

Sites not compliant with the Certificate Transparency initiative will be flagged by Chrome as dangerous and blocked by an interstitial. This includes sites that use stolen, misconfigured or otherwise incorrect certificates.

The online giant pointed to a Malaysian certificate authority mistakenly issuing 22 weak SSL certificates that could be used to impersonate sites as an example of the need for the change in policy.

Similarly, it noted that Trustwave had issued subordinate credentials of root certificates, allowing a customer to monitor internet traffic through a man-in-the-middle attack.

Copyright © iTnews.com.au . All rights reserved.