Google Chrome Distrusting WoSign and StartCom Certificates

Comments

  • Foul Member
    edited November 2016
  • jar Patron Provider, Top Host, Veteran

    Worth its own post IMO.

  • Looks like I'll be switching to Let's Encrypt. Was using StartCom just for the wildcard.

  • KuJoe Member, Host Rep

    How can a company whose products/services rely so heavily on trust be so shady? I understand that large companies are greedy and driven solely by money but that doesn't mean you have to treat your clients like crap to do it. There are plenty of business models where you can put the clients first and still make a profit, unfortunately greed is stronger than morals and human decency can be replaced with a nice check instead.

    Thanked by 1netomx
  • lbft Member
    edited November 2016

    Due to a number of technical limitations and concerns, Google Chrome is unable to trust all pre-existing certificates while ensuring our users are sufficiently protected from further misissuance. As a result of these changes, customers of WoSign and StartCom may find their certificates no longer work in Chrome 56.

    In subsequent Chrome releases, these exceptions will be reduced and ultimately removed, culminating in the full distrust of these CAs. This staged approach is solely to ensure sites have the opportunity to transition to other Certificate Authorities that are still trusted in Google Chrome, thus minimizing disruption to users of these sites.

    So it sounds like they're going even further than Mozilla - not only are no new certs to be trusted, but only some existing ones and even then only for a limited (unspecified) period of time so people can flee to other CAs.

  • I doubt these are the only CAs that have done shady things, they are just the ones that got caught. The whole CA-based security model is flawed and needs to be revamped.

  • rm_ IPv6 Advocate, Veteran

    KuJoe said: How can a company whose products/services rely so heavily on trust be so shady? I understand that large companies are greedy and driven solely by money but that doesn't mean you have to treat your clients like crap to do it.

    Well it's Google, what do you expect. :)

    lbft said: So it sounds like they're going even further than Mozilla - not only are no new certs to be trusted, but only some existing ones and even then only for a limited (unspecified) period of time so people can flee to other CAs.

    Yeah that sucks, may have to end my hold-out on WoSign after all.

  • netomx Moderator, Veteran

    I don't know why you ppl are against these, why will you trust on a CA that has given malicious certs?

    Thanked by 1Dylan
  • KuJoe Member, Host Rep

    @rm_ said:
    Well it's Google, what do you expect. :)

    My comment was towards WoSign/StartCom

    @netomx said:
    I don't know why you ppl are against these, why will you trust on a CA that has given malicious certs?

    I support Google here, WoSign/StartCom can DIAF.

    Thanked by 3netomx MikeA Darwin
  • Google had beef with the owners of Norton for creating google.com SSLs for their own use without gaining permission from Google.

  • Plus they only distrust new certs. (But intend to remove old by the wording). Anyone with a wosign cert. PP dispute and move on

  • jenkki Member
    edited November 2016

    Money talks, all browsers US based and easy to deal with it.
