Skip to main content
Instapage

Google Chrome SSL certificate proposal could affect millions of websites

Last year, the developers behind Google’s Chrome browser began taking steps designed to protect users and encourage companies to use HTTPS.

But now, potentially millions of websites that use SSL certificates issued by Symantec and affiliated resellers could find that their certificates are effectively worthless as far as Chrome is concerned, after a member of the Chrome team published a proposal that would make them untrusted over the next 12 months.

The reason? According to the Google Chrome team, Symantec has not properly validated thousands of certificates. In fact, the Chrome team claims that “an initial set of reportedly 127 [misissued] certificates has expanded to include at least 30,000 [misissued] certificates, issued over a period spanning several years.”

Ryan Sleevi, the Chrome team member who wrote the announcement, elaborated,

“This is also coupled with a series of failures following the previous set of misissued certificates from Symantec, causing us to no longer have confidence in the certificate issuance policies and practices of Symantec over the past several years.”

Under the proposal he put forth, the accepted validity period of newly-issued Symantec to nine months or less, and an “incremental distrust” of currently-trusted certificates and removal of recognition of Extended Validation status of Symantec-issued certificates.

A nightmare scenario?

Symantec is the currently the largest Certificate Authority (CA) and by some estimates, has issued a third of the SSL certificates in use on the web.

So if the Google Chrome team moves forward with its proposal, it will have a huge impact on Symantec and its customers. Symantec would have to reissue potentially millions of certificates, creating a huge headache for customers, who would have to go through the validation process and install replacement certificates.

What’s more, under the Chrome team’s proposal, Chrome would immediately remove the status indicators for Extended Validation certificates issued by Symantec.

These certificates, which require companies to provide greater verification that they are who they say they are, are often used by companies running websites that absolutely need to use HTTPS, such as those that handle payments and financial transactions.

Extended Validation certificates are more costly, and one of the justifications for the greater cost is the fact that most browsers display indicators for websites that use them. If those indicators go away, it could theoretically harm companies that have relied on these indicators to signal trust to their users.

Not surprisingly, given the gravity of the situation, Symantec is disputing the Chrome team’s claims about certificate misissuances. In a response, it called the Chrome team’s proposal “irresponsible” and said the allegations leveled at it are “exaggerated and misleading.”

Symantec is open to working with the Google Chrome team and while it’s reasonable to hope that both parties will identify a satisfactory resolution that averts disruption, companies with certificates issued by Symantec will want to monitor the situation as it develops.



via Search Engine Watch

Comments

Popular posts from this blog

How to Get SMS Alerts for Gmail via Twitter

How do you get SMS notifications on your mobile phone for important emails in your Gmail? Google doesn’t support text notifications for their email service but Twitter does. If we can figure out a way to connect our Twitter and Gmail accounts, the Gmail notifications can arrive as text on our mobile via Twitter. Let me explain:Twitter allows you to follow any @user via a simple SMS. They provide short codes for all countries (see list) and if you text FOLLOW to this shortcode following by the  username, any tweets from that user will arrive in your phone as text notifications. For instance, if you are in the US, you can tweet FOLLOW labnol to 40404 to get my tweets as text messages. Similarly, users in India can text FOLLOW labnol to 9248948837 to get the tweets via SMS.The short code service of Twitter can act as a Gmail SMS notifier. You create a new Twitter account, set the privacy to private and this account will send a tweet when you get a new email in Gmail. Follow this account …

Instagram Story links get 15-25% swipe-through rates for brands, publishers

Instagram may arrived late as a traffic source for brands and publishers, but it’s already showing early signs of success, driving new visitors to their sites and even outperforming its parent company, Facebook.For years brands, publishers and other have tried to push people from the Facebook-owned photo-and-video-sharing app to their sites. Outside of ads and excepting a recent test with some retailers, Instagram didn’t offer much help to companies looking to use it to drive traffic. So they had to find workarounds. They put links in their Instagram bios. They scrawled short-code URLs onto their pictures. And they typed out links in their captions.Then last month Instagram finally introduced an official alternative to these hacky workarounds: the ability for verified profiles to insert links in their Instagram Stories.Almost a month after the launch, 15% to 25% of the people who see a link in an Instagram Story are swiping on it, according to a handful of brands and publishers that h…

Five great tools to improve PPC ads

Every digital marketer wants to reach the top position on the search engine results. However, if you’ve recently launched a new website or your niche is saturated, starting with paid search ads sounds like a good idea.Strategically created PPC campaigns can drive leads, sales or sign-ups to your websites. You know what? In fact, businesses earn an average of $8 for every dollar they spend on Google Ads.Optimizing PPC campaigns is not easy, but it’s very powerful if you do it properly. Just like SEO, it is essential to conduct extensive keyword research, optimize ad copy, and design high-converting landing pages.Fortunately, there are a lot of effective PPC tools that will help you analyze your competitors’ PPC strategies, figure out tricks in their campaigns, and improve your PPC campaigns.If you are ready to take an evolutionary leap in your PPC advertising, take a look at my list of five amazing tools to save you time, give you crucial insights, and raise money for your business.Fiv…