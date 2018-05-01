Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Starting Today, Google Chrome Will Show Warnings for Non-Logged SSL Certificates (bleepingcomputer.com) 40

Posted by msmash from the taking-a-stand dept.
Starting today, Google Chrome will show a full-page warning whenever users are accessing an HTTPS website that's using an SSL certificate that has not been logged in a public Certificate Transparency (CT) log. From a report: By doing so, Chrome becomes the first browser to implement support for the Certificate Transparency Log Policy. Other browser makers have also agreed to support this mechanism in the future, albeit they have not provided more details. This new policy was first proposed by Google engineers in 2016, and was scheduled to enter into effect in October 2017, but was later delayed for 2018.

  • You'll need an SPF record ... oh, and DKIM ... oh yeah, and DMARC ...

  • This seems more and more like an effort to compel website owner/operators to buy into the SSL certificate scheme.

    Revenue.

    • All websites with a fully qualified domain name qualify for a domain-validated certificate without charge from Let's Encrypt. Every certificate that Let's Encrypt issues is logged in CT.

      • Re: (Score:2)

        by Holi ( 250190 )
        Does Let's Encrypt verify identity, I can't find anything on their site about it.

        If a CA is not verifying identity then what use is their certificate?

  • internal apps / ipmi / other things that are not online don't need real certs much less running let's LetsEncrypt with ports open so that runs.

  • A lot of people, including myself use LetsEncrypt on a CPanel based hosting account to generate certs for a website.

    Are those local, self-signed certificates or something that is registered somewhere? I'd never really paid attention since it just worked and was one less thing to deal with.

    Since it's not retroactive there is no problem now, but wondering what will happen when I generate new certs going forward.

    • A lot of people, including myself use LetsEncrypt on a CPanel based hosting account to generate certs for a website.

      Are those local, self-signed certificates or something that is registered somewhere?

      You could answer that question with five seconds on a search engine. Google Search for let's encrypt certificate transparency produces, as its first result, a document [letsencrypt.org] stating the following: "We submit all certificates to Certificate Transparency logs as we issue them."

    • Re: (Score:2)

      by kiviQr ( 3443687 )
      LetsEncrypt submits all certificates as they issue them: https://letsencrypt.org/certif... [letsencrypt.org] More details in cert transparency: https://www.certificate-transp... [certificat...arency.org]

