Source |
GoogleSec |
Identifier |
8300952 |
Publication date |
2023-01-13 12:29:06 (viewed: 2023-01-13 19:12:03) |
Title |
Sustaining Digital Certificate Security - TrustCor Certificate Distrust |
Text |
Posted by Chrome Root Program, Chrome Security Team

Note: This post is a follow-up to discussions carried out on the Mozilla “Dev Security Policy” Web PKI public discussion forum Google Group in December 2022. Google Chrome communicated its distrust of TrustCor in the public forum on December 15, 2022.

The Chrome Security Team prioritizes the security and privacy of Chrome's users, and we are unwilling to compromise on these values. Google includes or removes CA certificates within the Chrome Root Store as it deems appropriate for user safety in accordance with our policies. The selection and ongoing inclusion of CA certificates is done to enhance the security of Chrome and promote interoperability. Behavior that attempts to degrade or subvert security and privacy on the web is incompatible with organizations whose CA certificates are included in the Chrome Root Store.

Due to a loss of confidence in its ability to uphold these fundamental principles and to protect and safeguard Chrome's users, certificates issued by TrustCor Systems will no longer be recognized as trusted by:
- Chrome versions 111 (landing in Beta approximately February 9, 2023 and Stable approximately March 7, 2023) and greater; and
- Older versions of Chrome capable of receiving Component Updates after Chrome 111's Stable release date.

This change was first communicated in the Mozilla “Dev Security Policy” Web PKI public discussion forum Google Group on December 15, 2022.

This change will be implemented via our existing mechanisms to respond to CA incidents via:
- An integrated certificate blocklist, and
- Removal of certificates included in the Chrome Root Store.

Beginning approximately March 7, 2023, navigations to websites that use a certificate that chains to one of the roots detailed below will be considered insecure and result in a full page certificate error interstitial.

Affected Certificates (SHA-256 fingerprint):
- d40e9c86cd8fe468c1776959f49ea774fa548684b6c406f3909261f4dce2575c
- 0753e940378c1bd5e3836e395daea5cb839e5046f1bd0eae1951cf10fec7c965
- 5a885db19c01d912c5759388938cafbbdf031ab2d48e91ee15589b42971d039c

This change will be integrated into the Chromium open-source project as part of a default build. Questions about the expected behavior in specific Chromium-based browsers should be directed to their maintainers.

This change will be incorporated as part of the regular Chrome release process to ensure sufficient time for testing and replacing affected certificates by website operators. Information about release timetables and milestones is available at https://chromiumdash.appspot.com/schedule.

Beginning approximately February 9, 2023, website operators can preview these changes in Chrome 111 Beta. Website operators will also be able to preview the change sooner, using our Dev and Canary channels. The majority of users will not encounter behavior changes until the release of Chrome 111 to the Stable channel, approximately March 7, 2023.

Summarizing security response of other Google products: Android has removed TrustCor's root CA certificates from th |
Notes |
★★★
|
Sent |
Yes |
Tags |
|
Stories |
|
Move |
|
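
A check a website operator could run against the three SHA-256 fingerprints listed in the post, as an added example that is not part of the original post or of Chrome's code: it fingerprints every certificate in a PEM bundle and reports any that match. The function names and the sample bundle are assumptions made for this example; pass the full chain including the root, since servers commonly omit the root from the chain they send.

```python
import base64
import hashlib
import re

# SHA-256 fingerprints of the affected certificates, copied from the post.
DISTRUSTED = frozenset({
    "d40e9c86cd8fe468c1776959f49ea774fa548684b6c406f3909261f4dce2575c",
    "0753e940378c1bd5e3836e395daea5cb839e5046f1bd0eae1951cf10fec7c965",
    "5a885db19c01d912c5759388938cafbbdf031ab2d48e91ee15589b42971d039c",
})

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def fingerprints(pem_bundle):
    """Return the SHA-256 fingerprint (hex) of each certificate in a PEM bundle.

    A certificate fingerprint is the hash of its DER encoding, which is the
    base64-decoded body of the PEM block.
    """
    result = []
    for body in PEM_BLOCK.findall(pem_bundle):
        der = base64.b64decode("".join(body.split()))
        result.append(hashlib.sha256(der).hexdigest())
    return result


def distrusted_in_chain(pem_bundle, blocklist=DISTRUSTED):
    """Return (position, fingerprint) for every bundle entry on the blocklist."""
    return [(i, fp) for i, fp in enumerate(fingerprints(pem_bundle))
            if fp in blocklist]


def make_pem(der):
    """Wrap raw bytes in PEM armor (used only to build the constructed sample)."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


# Constructed sample: placeholder bytes, not real certificates.
SAMPLE_BUNDLE = (make_pem(b"constructed leaf placeholder")
                 + make_pem(b"constructed root placeholder"))

if __name__ == "__main__":
    hits = distrusted_in_chain(SAMPLE_BUNDLE)
    print("distrusted certificates in bundle:", hits or "none")
```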