Failing the (En)Trust Fall
The guys discuss Google Chrome’s decision to stop trusting new Entrust certificates.
Entrust Distrusted by Google Chrome
Ned and Chris take a deep dive into the juicy tidbit about Google Chrome throwing Entrust under the bus. They dissect Chrome's decision to cut off new Entrust certificates starting October 31, 2024, all thanks to Entrust’s persistent screw-ups. Their chat covers how digital certificates are supposed to keep our online world secure and how modern tools like ACME and Certbot have made managing certificates way easier than it used to be. The guys also touch on how extended validation certificates have lost their shine and the latest drama with DigiCert's certificate revocations.
Links
• Original Google Security Blog post announcing Entrust distrust (https://security.googleblog.com/2024/...)
• Entrust’s commitment to answering to all of Google’s concerns (https://www.entrust.com/blog/2024/07/...)
• Discussion of an example where Entrust failed to revoke a bad cert (https://bugzilla.mozilla.org/show_bug...)
• DigiCert Certificate Revocations (https://www.cisa.gov/news-events/aler...)
• Post-Recording Update: Mozilla decides to untrust Entrust too (https://www.theregister.com/2024/08/0...)
