Google Plans to Improve SSL Cetificate Validation in Chrome

Status
Not open for further replies.

jamescv7

Level 85
Thread author
Verified
Honorary Member
Mar 15, 2011
13,070
Google is working on implementing more strict digital certificate verification mechanisms in Chrome based on a technology it already has.

The security industry is still actively discussing the recent compromise of a Registration Authority (RA) that resulted in rogue digital certificates for high-profile domains being issued by Comodo.

Following the incident, browser vendors and security specialists have begun working together to find methods of improving the public key infrastructure (PKI), which is used to establish trust online.

However, while the involved parties are in agreement on some aspects, there are significant differences in the approaches they prefer.

http://news.softpedia.com/news/Google-Plans-to-Improve-SSL-Cetificate-Validation-in-Chrome-192774.shtml
 

bogdan

Level 1
Jan 7, 2011
1,362
"The basic idea is that if a certificate doesn’t appear in our database, despite being correctly signed by a well-known CA and having a matching domain name, then there may be something suspicious about that certificate," Google says

Basically they'll have their own list of good certificates and anything not in the list will generate a warning. Won't this generate too many warnings?
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top