Summary

  • Google has announced that it will stop trusting digital certificates from two certificate authorities (CAs), Chunghwa Telecom and Netlock, due to ‘patterns of concerning behaviour’ and failures to comply with established internet security standards.
  • Certificate authorities are responsible for issuing cryptographic certificates to websites, which are used to encrypt traffic and to prove that webpages are authentic.
  • This decision means that these two organisations will no longer be able to provide digital certificates via Chrome, greatly impacting their customers as they will no longer be able to receive security updates or fix vulnerabilities.
  • It is concerning that these two organisations are the first to be tackled in Google’s effort against ‘patterns of concerning behaviour’, and this highlights the multitude of CAs that may be accountable for potential widespread vulnerabilities in the future.
  • Especially in light of the Log4j vulnerability that has affected organisations such as Nvidia and Apple, many businesses are now considering the potential risks posed by external parties and by the companies that they rely on.
  • It is likely that more organisations, and not just CAs, will be under increased scrutiny in response to these high-profile incidents.

By Dan Goodin

Original Article