Justin Schuh, lead engineer of Chrome Security, said ensuring browser security for Chrome users is a balancing act juggling OEM pressures, questionable certificate authorities and quashing third-party software incompatibility issues.
Google said that more than half of pageloads on Chrome across platforms are encrypted; Android as the lone laggard, but trending upward.
Google announced Monday that it will distrust certificates issued by WoSign and StartCom when in it ships Chrome 56 in January 2017.
Apple said over the weekend it would soon distrust certificates issued by WoSign’s Free SSL Certificate G2 intermediate CA on macOS.
Google announced on Monday that it has created a new list of CAs that were once, or are not yet, trusted by browsers.
UPDATE–As the debate over potential government interference with encryption technologies rages in countries around the world, Congress is now going down a different path, asking technology companies whether it’s feasible and potentially effective for certificate authorities to restricting the way that government-owned CAs can issue certificates. Members of the House Committee on Energy and Commerce […]
The next version of Mozilla Firefox will include a new certificate revocation list that will speed up and streamline the process of revoking intermediate certificates trusted by the browser. The new feature, known as OneCRL, is meant as a replacement for the old OCSP (online certificate status protocol) system that is used now to check […]
Google has initiated a process to revoke trust from any certificates that rely on the outdated SHA-1crytpographic hash algorithm.
Data compiled from Rapid7’s Project Sonar scan found 107,000 websites running 1024-bit CA certificates that will soon be untrusted as Mozilla announces it will no longer support the shorter, weaker keys.