Security Blog
The latest news and insights from Google on security and safety on the Internet
Certificate Transparency for Untrusted CAs
21 Mart 2016
Posted by Martin Smith, Software Engineer, Certificate Transparency
Today we are announcing a new Certificate Transparency log for a new set of root certificates: those that were once or are not yet trusted by browsers.
Certificate Transparency
(CT) data has a number of different uses, including protecting users from mis-issued certificates and providing webmasters and other interested parties with a public record of what certificates have been issued for domains.
Initially
, our logs included browser-trusted Certificate Authorities (CAs). However, there are two main classes of CA that can’t easily be included in the existing logs:
Those that were once trusted and have since been withdrawn from the root programs.
New CAs that are on the path to inclusion in browser trusted roots.
Including these in trusted logs is problematic for several reasons, including uncertainties around revocation policies and the possibility of cross-signing attacks being attempted by malicious third-parties.
However, visibility of these CAs’ activities is still useful, so we have created a new CT log for these certificates. This log will not be trusted by Chrome, and will provide a public record of certificates that are not accepted by the existing Google-operated logs.
The new log is accessible at
ct.googleapis.com/submariner
and is listed on our
Known Logs
page. It has the same API as the existing logs.
Initially, Submariner includes certificates chaining up to the set of root certificates that
Symantec
recently announced it had discontinued, as well as a
collection of additional roots
suggested to us that are pending inclusion in Mozilla.
Once Symantec’s affected certificates are no longer trusted by browsers, we will be withdrawing them from the trusted roots accepted by our existing logs (Aviator, Pilot, and Rocketeer).
Third parties are invited to suggest additional roots for potential inclusion in the new log by email to
google-ct-logs@googlegroups.com
.
Everyone is welcome to make use of the log to submit certificates and query data. We hope it will prove useful and help to improve web security.
Hiç yorum yok :
Yorum Gönder
Etiketler
#sharethemicincyber
#supplychain #security #opensource
AI Security
android
android security
android tr
app security
big data
biometrics
blackhat
C++
chrome
chrome enterprise
chrome security
connected devices
CTF
diversity
encryption
federated learning
fuzzing
Gboard
google play
google play protect
hacking
interoperability
iot security
kubernetes
linux kernel
memory safety
Open Source
pha family highlights
pixel
privacy
private compute core
Rowhammer
rust
Security
security rewards program
sigstore
spyware
supply chain
targeted spyware
tensor
Titan M2
VDP
vulnerabilities
workshop
Archive
2025
Haz
May
Nis
Mar
Şub
Oca
2024
Ara
Kas
Eki
Eyl
Ağu
Tem
Haz
May
Nis
Mar
Şub
Oca
2023
Ara
Kas
Eki
Eyl
Ağu
Tem
Haz
May
Nis
Mar
Şub
Oca
2022
Ara
Kas
Eki
Eyl
Ağu
Tem
Haz
May
Nis
Mar
Şub
Oca
2021
Ara
Kas
Eki
Eyl
Ağu
Tem
Haz
May
Nis
Mar
Şub
Oca
2020
Ara
Kas
Eki
Eyl
Ağu
Tem
Haz
May
Nis
Mar
Şub
Oca
2019
Ara
Kas
Eki
Eyl
Ağu
Tem
Haz
May
Nis
Mar
Şub
Oca
2018
Ara
Kas
Eki
Eyl
Ağu
Tem
Haz
May
Nis
Mar
Şub
Oca
2017
Ara
Kas
Eki
Eyl
Tem
Haz
May
Nis
Mar
Şub
Oca
2016
Ara
Kas
Eki
Eyl
Ağu
Tem
Haz
May
Nis
Mar
Şub
Oca
2015
Ara
Kas
Eki
Eyl
Ağu
Tem
Haz
May
Nis
Mar
Şub
Oca
2014
Ara
Kas
Eki
Eyl
Ağu
Tem
Haz
Nis
Mar
Şub
Oca
2013
Ara
Kas
Eki
Ağu
Haz
May
Nis
Mar
Şub
Oca
2012
Ara
Eyl
Ağu
Haz
May
Nis
Mar
Şub
Oca
2011
Ara
Kas
Eki
Eyl
Ağu
Tem
Haz
May
Nis
Mar
Şub
2010
Kas
Eki
Eyl
Ağu
Tem
May
Nis
Mar
2009
Kas
Eki
Ağu
Tem
Haz
Mar
2008
Ara
Kas
Eki
Ağu
Tem
May
Şub
2007
Kas
Eki
Eyl
Tem
Haz
May
Feed
Follow @google
Follow
Give us feedback in our
Product Forums
.
Follow
Hiç yorum yok :
Yorum Gönder