Google said its Chrome browser will stop obtaining trust certificates from both certificate agencies after “a pattern of behavior related to the behavior observed in the past year”, reducing trust in its reliability.
Both organizations, Taiwan-based Chunghwa Telecom and Budapest-based Netlock, are one of dozens of certificate agencies trusted by Chrome and most other browsers, providing digital certificates that encrypt traffic and prove the authenticity of the website. With the ability to cause padlocks that cause the address bar to display padlocks and ensure the trustworthiness of the website, these certificate agencies have significant control over the security of the network.
Inherent risks
“Over the past few months and years, we have observed patterns of compliance failure, unfinished commitment to improvements, and a lack of tangible, measurable progress in response to publicly disclosed incident reports,” a member of Chrome Security Team wrote on Tuesday. “Overall public trust is no longer justified when these factors are taken into account in total and taking into account the inherent risks posed by each openly trusted CA.”
