Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Google Adds Certificate Transparency Log for Untrusted CAs

Google announced this week the introduction of a new Certificate Transparency (CT) log for certificate authorities (CAs) that have been removed from trusted root certificate programs and ones that are in the process of being included.

Google announced this week the introduction of a new Certificate Transparency (CT) log for certificate authorities (CAs) that have been removed from trusted root certificate programs and ones that are in the process of being included.

The goal of the Certificate Transparency project is to provide an open framework for monitoring SSL certificates. CT makes it possible to quickly detect certificates that have been issued by mistake or for malicious purposes, and identify rogue CAs.

Google has now decided to expand CT with logs that track previously trusted CAs and new CAs that are in the process of being included in browser-trusted root programs.

The search giant has pointed out that including these CAs in trusted logs can be problematic due to revocation policies and the possibility of cross-signing attacks. That is why the new log, dubbed “submariner,” is not trusted by Chrome, although it is listed in the Known Logs page and has the same API as existing logs.

For the time being, the new CT log includes the certificates chaining up to the root certificates recently discontinued by Symantec, and certificates that are pending inclusion in Mozilla products.

Recommendations for additional certificates that should be included in the new CT log can be sent to google-ct-logs(at)googlegroups.com.

“Everyone is welcome to make use of the log to submit certificates and query data. We hope it will prove useful and help to improve web security,” Martin Smith, CT software engineer at Google, said in a blog post.

Google announced last week that it started tracking the use of HTTPS on the world’s top 100 websites. The new service also includes a certificate transparency feature that allows users and administrators to check the name of the certificate issuer for a specified website.

Related Reading: Let’s Encrypt Issues More Than 1 Million Digital Certificates

Related Reading: Amazon Offers Free SSL/TLS Certificates

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Network Security

Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud,...