Entrust certificates will not be trusted in Chrome 127+
The Chrome Root Program Policy is updating trust for Entrust CAs due to compliance issues. Entrust must show improvement to maintain trust. Chrome will oversee changes to safeguard users and the web.
The Chrome Root Program Policy is set to make changes regarding Entrust CAs included in the Chrome Root Store due to a pattern of concerning behaviors by Entrust. These behaviors include violations of TLS Baseline Requirements, incomplete incident reporting, and a failure to adopt industry standards. As a result, TLS server authentication certificates from specific Entrust roots will no longer be trusted by default in Chrome 127 and higher if their earliest Signed Certificate Timestamp is after October 31, 2024. Entrust is urged to demonstrate genuine change to regain trust. Chrome will monitor compliance and may accelerate the removal of Entrust's CA certificates if commitments are not met. The decision aims to protect Chrome users and the Internet ecosystem. Gmail's support for Entrust-based VMC certificates, like the Entrust Verified Mark Root Certification Authority - VMCR1 used for BIMI logos, is also questioned in light of these changes.
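The date test above depends on the earliest SCT embedded in a certificate, so the following added example (not code from Chrome or from the original article) parses an RFC 6962 SCT list and applies that test. It assumes the input is the TLS-encoded list already unwrapped from the certificate's SCT extension, reads "after October 31, 2024" as after 23:59:59 UTC that day, and does not check whether the certificate chains to one of the affected Entrust roots; `build_sct_list` only produces constructed sample data.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
# Assumption: "after October 31, 2024" means after 23:59:59 UTC on that day.
CUTOFF = datetime(2024, 10, 31, 23, 59, 59, tzinfo=timezone.utc)

def sct_timestamps(sct_list: bytes) -> list:
    """Return the timestamp of every SCT in an RFC 6962 SCT list."""
    if len(sct_list) < 2 or struct.unpack_from(">H", sct_list)[0] != len(sct_list) - 2:
        raise ValueError("bad SCT list length")
    stamps, pos = [], 2
    while pos < len(sct_list):
        if pos + 2 > len(sct_list):
            raise ValueError("truncated SCT length")
        (n,) = struct.unpack_from(">H", sct_list, pos)
        sct = sct_list[pos + 2:pos + 2 + n]
        # v1 SCT: version(1) | log_id(32) | timestamp(8, ms since epoch) | ...
        # 41 bytes is the minimum needed to reach the end of the timestamp.
        if len(sct) != n or n < 41 or sct[0] != 0:
            raise ValueError("truncated or non-v1 SCT")
        (ms,) = struct.unpack_from(">Q", sct, 33)
        stamps.append(EPOCH + timedelta(milliseconds=ms))
        pos += 2 + n
    if not stamps:
        raise ValueError("no SCTs present")
    return stamps

def past_cutoff(sct_list: bytes) -> bool:
    """True when the earliest SCT is after the cutoff (the date test only)."""
    return min(sct_timestamps(sct_list)) > CUTOFF

def build_sct_list(*times: datetime) -> bytes:
    """Constructed sample data: dummy log IDs and empty signatures."""
    body = b""
    for i, t in enumerate(times):
        ms = (t - EPOCH) // timedelta(milliseconds=1)
        sct = (b"\x00" + bytes([i]) * 32 + struct.pack(">Q", ms)
               + b"\x00\x00" + b"\x04\x03" + b"\x00\x00")
        body += struct.pack(">H", len(sct)) + sct
    return struct.pack(">H", len(body)) + body

if __name__ == "__main__":
    utc = timezone.utc
    # One SCT before the cutoff is enough to keep the earliest timestamp in range.
    mixed = build_sct_list(datetime(2024, 11, 2, tzinfo=utc), datetime(2024, 10, 30, tzinfo=utc))
    late = build_sct_list(datetime(2024, 11, 1, tzinfo=utc), datetime(2024, 11, 2, tzinfo=utc))
    print("mixed:", past_cutoff(mixed), "late:", past_cutoff(late))
```
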
Related
Vulnerability in Popular PC and Server Firmware
Eclypsium found a critical vulnerability (CVE-2024-0762) in Intel Core processors' Phoenix SecureCore UEFI firmware, potentially enabling privilege escalation and persistent attacks. Lenovo issued BIOS updates, emphasizing the significance of supply chain security.
BeyondCorp (2014)
Google's BeyondCorp approach rethinks enterprise security by moving away from traditional perimeter security to enhance protection in the changing tech environment. Visit the link for more details on this innovative strategy.
More Memory Safety for Let's Encrypt: Deploying ntpd-rs
Let's Encrypt enhances memory safety with ntpd-rs, a secure NTP implementation, part of the Prossimo project. Transitioning to memory-safe alternatives aligns with broader security goals, supported by community and sponsorships.
Sustaining Digital Certificate Security – Entrust Certificate Distrust
Google's Chrome Security Team distrusts specific Entrust certificates due to reliability concerns. Chrome 127 onwards won't trust certain Entrust TLS server authentication certificates dated after October 31, 2024. Website operators should review certificates for compliance.
Chrome will distrust CA certificates from Entrust later this year
Google will stop trusting Entrust CA certificates from November 1, citing compliance failures. Websites using Entrust certs, like moneygram.com and ey.com, must switch to a new CA to avoid security warnings. Enterprise customers can still trust Entrust.
A year back I wrote a blog post about other CAs that lost trust: https://alexsci.com/blog/ca-trust/