Google is making its Certificate Transparency initiative mandatory for website certs issued from October 2017, in a bid to further improve stability and security on the internet.
In a note online this week, software engineer Ryan Sleevi, clarified that any new certs issued after that time would not be recognized by Chrome.
“This is a significant step forward in the online trust ecosystem. The investments made by CAs adopting CT, and Chrome requiring it in some cases, have already paid tremendous dividends in providing a more secure and trustworthy internet,” he explained.
“The use of Certificate Transparency has profoundly altered how browsers, site owners, and relying parties are able to detect and respond to mis-issuance, and importantly, gives new tools to mitigate the damage caused when a CA no longer complies with community expectations and browser programs.”
Any Certificate Authorities not happy with the decision are being urged to contact IETF’s Public Notary Transparency WG (TRANS).
Certificate Transparency is an effort on Google’s part to fix structural flaws in the SSL cert system which black hats have been able to exploit to launch man-in-the-middle, website spoofing and other attacks.
It does this by providing a framework for monitoring and auditing SSL certificates in near-real time.
The news was welcomed by Venafi chief security strategist, Kevin Bocek. Yet he argued that CT only addresses part of the problem.
“The challenges of using digital certificates today are more wide-reaching than when they are issued. The bigger problem is when certificates are stolen, misconfigured, or abused. This is why initiatives like Certificate Reputation, built on data from certificate transparency, will help organizations determine if certificates should be trusted at any point in their lifecycle,” he added.
“This is why companies need to make sure they can establish the visibility and intelligence necessary evaluate digital certificates in real time – they will only become more and more important to security and privacy.”