Upcoming policy changes to Google Chrome's certificate handling

ct_home_security
Martin Brinkmann
Sep 26, 2013
Google Chrome
|
0

Most financial websites and many popular services and sites offer SSL connections exclusively or in addition to regular connections. Whenever a browser connects to a website via SSL, it will download a certificate that it verifies to make sure the connection is legit.

The certificate includes information about the website's address, confirmed by third party organizations, so that the address the browser connected to and the address in the certificate can be compared with each other.

This is done to make sure that you did not land on a site that pretends to be the site you wanted to connect to.

Secure websites are highlighted by all browsers in the address bar, and certificate errors are displayed as prompts to the user as well.

Google has just published information about upcoming policy changes in regards to the certificate handling in Google Chrome, Chromium and Chrome OS.

1. Minimum RSA key size of 2048 bits

Google Chrome will warn users in early 2014 if certificates contain RSA key sizes of less than 2048 bits.

Beginning in early 2014, Chrome will begin warning users who attempt to access sites with certificates
issued by publicly-trusted CAs, that meet the Baseline Requirements' effective date [..]

Root certificates are exempt temporarily from this. Google may however "remove trust for root certificates with RSA keys less than 2048 bits" in the future.

The company estimates that less than 0.1% of all sites are impacted by this change. This also means that users will run into certificate warnings when they connect to these websites from early 2014 on. It is likely that they will receive a message like "The site's security certificate is not trusted!" when they try to connect to these sites. This prompt is displayed currently if the certificate of a website is not trusted.

2. Improving Extended Validation (EV) certificates

Extended Verification certificates are issued after extensive verification of identities by certificate authorities. Google Chrome will require Certificate Transparency for all Extended Validation certificates issued after a data that is yet to be decided upon.

Certificate Transparency aims to eliminate flaws in the SSL certificate system by "providing an open framework for monitoring and auditing SSL certificates in nearly real time".

This can be used to detect certificates that have been maliciously acquired or issued in error, and also to identify rogue certificate authorities.

Advertisement

Related content

Chrome

Another Google Chrome 0-day vulnerability fixed: update asap
Google

Google Chrome 123 launches with security fixes and Google Update changes on Windows
ads

Microsoft shows another Bing popup advertisement to Windows users

First look at Google Chrome's upcoming link preview feature
Google Chrome gets improved Search suggestions on desktop and mobile

Google Chrome gets improved Search suggestions on desktop and mobile
Google Chrome will soon prevent malicious websites from attacking your home network

Google changes Chrome's "add bookmarks" flow and users are not happy

Previous Post: «
Next Post: «

Comments

There are no comments on this post yet, be the first one to share your thoughts!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.

Advertisement

Spread the Word

Advertisement

Hot Discussions

Advertisement

Recently Updated

Latest from Softonic

Advertisement

About gHacks

Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.

The name and logo of Ghacks are copyrights or trademarks of SOFTONIC INTERNATIONAL S.A.
Copyright SOFTONIC INTERNATIONAL S.A. © 2005- 2024 - All rights reserved