Virtual Event Now Live: Zero Trust Strategies Summit! - Login for Access
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Google Adds Certificate Transparency Log for Untrusted CAs

Google announced this week the introduction of a new Certificate Transparency (CT) log for certificate authorities (CAs) that have been removed from trusted root certificate programs and ones that are in the process of being included.

Google announced this week the introduction of a new Certificate Transparency (CT) log for certificate authorities (CAs) that have been removed from trusted root certificate programs and ones that are in the process of being included.

The goal of the Certificate Transparency project is to provide an open framework for monitoring SSL certificates. CT makes it possible to quickly detect certificates that have been issued by mistake or for malicious purposes, and identify rogue CAs.

Google has now decided to expand CT with logs that track previously trusted CAs and new CAs that are in the process of being included in browser-trusted root programs.

The search giant has pointed out that including these CAs in trusted logs can be problematic due to revocation policies and the possibility of cross-signing attacks. That is why the new log, dubbed “submariner,” is not trusted by Chrome, although it is listed in the Known Logs page and has the same API as existing logs.

For the time being, the new CT log includes the certificates chaining up to the root certificates recently discontinued by Symantec, and certificates that are pending inclusion in Mozilla products.

Recommendations for additional certificates that should be included in the new CT log can be sent to google-ct-logs(at)googlegroups.com.

“Everyone is welcome to make use of the log to submit certificates and query data. We hope it will prove useful and help to improve web security,” Martin Smith, CT software engineer at Google, said in a blog post.

Google announced last week that it started tracking the use of HTTPS on the world’s top 100 websites. The new service also includes a certificate transparency feature that allows users and administrators to check the name of the certificate issuer for a specified website.

Advertisement. Scroll to continue reading.

Related Reading: Let’s Encrypt Issues More Than 1 Million Digital Certificates

Related Reading: Amazon Offers Free SSL/TLS Certificates

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

Omkhar Arasaratnam, former GM at OpenSSF, is LinkedIn's first Distinguised Security Engineer

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.