Serving technology enthusiasts for more than 25 years. TechSpot is the place to go for tech advice and analysis you can trust.
The Big Picture: With a market share exceeding 66 percent, Chrome is the most popular browser on all platforms and devices. It is obvious that every change Google makes in its proprietary browser will have an impact on all major players within the web ecosystem. Google announced two major initiatives to enhance web security. The ultimate goal is to make encryption and certificate management more reliable, resilient and resistant against cybercrime. These new features are part the Chrome Root Programwhich, according Google, demonstrates its commitment to strengthening online safety through its Chrome browser. Google, the world’s largest browser vendor, is motivated to improve web security by encouraging industry groups to adopt its proposed standards. The latest changes by the search and advertising giant concern the CA/Browser Forum. This cross-industry organization establishes the baseline requirements for issuing TLS certificate.
TLS connection, which enables encrypted HTTPS protocols are the backbone for modern web security. Cybercriminals are always looking for ways to circumvent the protections. Google has proposed two measures to counter this: Multi-Perspective Issue Corroboration (MPIC), and an automated vetting procedure known as “linting.”
. Google explained that MPIC improves existing methods of validating domain validity before a Certificate Authority releases a new TLS Certificate. The current process “domain control validation,” is vulnerable to being exploited by various means, which could lead to certificate fraud. MPIC is designed to mitigate these risks through the introduction of additional verification perspectives.
While MPIC prevents fraudulent certificates from being emitted, linting adds an additional layer of protection by analyzing X.509 certificate for potential issues. The X.509 format defines public key certificates, and is a critical part of the TLS protocol. CAs can use linting to verify that a certificate has been formatted correctly for its intended purpose, such as website verification.
Linting identifies certificates that are insecure and rely on outdated or weak encryption technologies. This enhances security, while ensuring interoperability among CAs by adhering to industry standards. Google stated that the linting can be implemented by various open-source project, including certlint, pkilint, x509lint, and zlint. In a recent CA/Browser Forum, the company received unanimous support for linting. The technology will be required for all new public certificates issued to CAs starting March 15, 2025.
