Skip to main content
Instapage

Google Chrome SSL certificate proposal could affect millions of websites

Last year, the developers behind Google’s Chrome browser began taking steps designed to protect users and encourage companies to use HTTPS.

But now, potentially millions of websites that use SSL certificates issued by Symantec and affiliated resellers could find that their certificates are effectively worthless as far as Chrome is concerned, after a member of the Chrome team published a proposal that would make them untrusted over the next 12 months.

The reason? According to the Google Chrome team, Symantec has not properly validated thousands of certificates. In fact, the Chrome team claims that “an initial set of reportedly 127 [misissued] certificates has expanded to include at least 30,000 [misissued] certificates, issued over a period spanning several years.”

Ryan Sleevi, the Chrome team member who wrote the announcement, elaborated,

“This is also coupled with a series of failures following the previous set of misissued certificates from Symantec, causing us to no longer have confidence in the certificate issuance policies and practices of Symantec over the past several years.”

Under the proposal he put forth, the accepted validity period of newly-issued Symantec to nine months or less, and an “incremental distrust” of currently-trusted certificates and removal of recognition of Extended Validation status of Symantec-issued certificates.

A nightmare scenario?

Symantec is the currently the largest Certificate Authority (CA) and by some estimates, has issued a third of the SSL certificates in use on the web.

So if the Google Chrome team moves forward with its proposal, it will have a huge impact on Symantec and its customers. Symantec would have to reissue potentially millions of certificates, creating a huge headache for customers, who would have to go through the validation process and install replacement certificates.

What’s more, under the Chrome team’s proposal, Chrome would immediately remove the status indicators for Extended Validation certificates issued by Symantec.

These certificates, which require companies to provide greater verification that they are who they say they are, are often used by companies running websites that absolutely need to use HTTPS, such as those that handle payments and financial transactions.

Extended Validation certificates are more costly, and one of the justifications for the greater cost is the fact that most browsers display indicators for websites that use them. If those indicators go away, it could theoretically harm companies that have relied on these indicators to signal trust to their users.

Not surprisingly, given the gravity of the situation, Symantec is disputing the Chrome team’s claims about certificate misissuances. In a response, it called the Chrome team’s proposal “irresponsible” and said the allegations leveled at it are “exaggerated and misleading.”

Symantec is open to working with the Google Chrome team and while it’s reasonable to hope that both parties will identify a satisfactory resolution that averts disruption, companies with certificates issued by Symantec will want to monitor the situation as it develops.



via Search Engine Watch

Comments

Popular posts from this blog

6 types of negative SEO to watch out for

The threat of negative SEO is remote but daunting. How easy is it to for a competitor to ruin your rankings, and how do you protect your site? But before we start, let’s make sure we’re clear on what negative SEO is, and what it definitely isn’t.Negative SEO is a set of activities aimed at lowering a competitor’s rankings in search results. These activities are more often off-page (e.g., building unnatural links to the site or scraping and reposting its content); but in some cases, they may also involve hacking the site and modifying its content.Negative SEO isn’t the most likely explanation for a sudden ranking drop. Before you decide someone may be deliberately hurting your rankings, factor out the more common reasons for ranking drops. You’ll find a comprehensive list here.Negative off-page SEOThis kind of negative SEO targets the site without internally interfering with it. Here are the most common shapes negative off-page SEO can take.Link farmsOne or two spammy links likely won’…

Another SEO tool drops the word “SEO”

This guest post is by Majestic’s Marketing Director, Dixon Jones, who explains the reasons for their recent name change.
Majestic, the link intelligence database that many SEOs have come to use on a daily basis, has dropped the “SEO” from it’s brand and from its domain name, to become majestic.com. Since most people won’t have used Google’s site migration tool before, here’s what it looks like once you press the “go” button:

In actual fact – there’s a minor bug in the tool. The address change is to the https version of majestic.com (which GWT makes us register as a separate site) but that message incorrectly omits that. Fortunately, elsewhere in GWT its clear the omission is on Google’s side, not a typo from the SEO. It is most likely that the migration tool was developed before the need for Google to have separate verification codes for http and https versions of the site.
The hidden costs of a name change
There were a few “nay sayers” on Twitter upset that Majestic might be deserting it…

What will happen to influencer marketing if Instagram ‘Likes’ go away?

In April, app researcher Jane Manchun Wong discovered Instagram was testing removing “Like” counts on posts. At the time, an Instagram spokesperson told TechCrunch it was not a public test, but an internal prototype and that the company was “exploring” new ways to reduce pressure on Instagram.The possibility that Instagram – a primary platform for influencer marketing – may potentially eliminate “Likes” could impact the influencer community, causing brands to question whether or not an influencer has enough sway to contribute to the brand’s marketing efforts. Without an outward facing metric such as “Likes,” influencers would have to rely on other resources to prove their content is worthwhile – once such resource: influencer marketing agencies.Good news for agencies“I do see it as a good thing for influencer marketing agencies and platform providers,” said Leah Logan, VP of media product strategy and marketing for Collective Bias.Logan’s influencer marketing agency works with a numbe…