Google’s Plan for Chrome Worries Certificate Authority Vendors
Google intends to make changes in its Chrome browser later this year that would have Chrome display a warning on websites using certificates based on the secure hash algorithm, SHA-1. Google wants to do this to get websites migrating to the stronger SHA-2 algorithm for certificates, which is not as easy to break through raw computing power.
Certificate authority vendors are calling Google’s plan overly aggressive in its timeframe, and say it’s likely to cause mass confusion right as the holiday shopping season commences.
Google’s Chrome browser is expected to be changed in the November timeframe so that users will find that when they visit websites that use SHA-1-based certificates, the browser will give them a warning that could surprise them, says Dean Coclin, senior director of business development at Symantec. Coclin is active in two industry groups, the Certificate Authority Browser Forum and the CA Security Forum, which are carefully monitoring Google’s plan.
More: Google’s Plan for Chrome Worries Certificate Authority Vendors