3175x175(CURRENT).thumb.jpg.b05acc060982b36f5891ba728e6d953c.jpg)
Chunghwa Telecom and Netlock customers must look elsewhere for new certificates.
Google says its Chrome browser will stop trusting certificates from two certificate authorities after “patterns of concerning behavior observed over the past year” diminished trust in their reliability.
The two organizations, Taiwan-based Chunghwa Telecom and Budapest-based Netlock, are among the dozens of certificate authorities trusted by Chrome and most other browsers to provide digital certificates that encrypt traffic and certify the authenticity of sites. With the ability to mint cryptographic credentials that cause address bars to display a padlock, assuring the trustworthiness of a site, these certificate authorities wield significant control over the security of the web.
Inherent risk
“Over the past several months and years, we have observed a pattern of compliance failures, unmet improvement commitments, and the absence of tangible, measurable progress in response to publicly disclosed incident reports,” members of the Chrome security team wrote Tuesday. “When these factors are considered in aggregate and considered against the inherent risk each publicly-trusted CA poses to the internet, continued public trust is no longer justified.”
According to Ryan Hurst, a researcher with over two decades of experience working with certificate authorities, such certificate distrust events occur about once every 15 months. The reasons for the revocations vary widely.
Hurst provided the following graph tracking the frequency of reasons for past events:
Google cited no specific incidents. Hurst, however, said past offenses included:
- Netlock failing to disclose an intermediate CA Certificate to the Common CA Database over a span of more than one year.
- Netlock failing to revoke a misissued certificate.
- Netlock failing to provide mandated weekly updates concerning a security incident.
- Chunghwa Telecom delaying revocation of a misissued certificate.
- Chunghwa Telecom misissuing 247 certificates with incorrect subject domain name structures.
Chrome will stop trusting all certificates issued by Chunghwa Telecom and Netlock after July 31. Certificates issued after that date will, by default, display an error page on Chrome. The delay is designed to give those organizations' customers time to find new certificate authorities. Representatives from both organizations didn't respond to emails requesting comment.
Hope you enjoyed this news post.
Thank you for appreciating my time and effort posting news every day for many years.
News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of May): 2,377
RIP Matrix | Farewell my friend
Recommended Comments
There are no comments to display.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.