Put your trust in knowing untrusted certificate authorities

Put your trust in knowing untrusted certificate authorities

Confidence in browsing the web or conducting online transactions depends on the veracity of digital certificates that are issued by certificate authorities (CAs) to help ensure secure Internet connections. While it’s important to know which CAs can be trusted, Google has started to maintain a list of untrusted CAs, which it’s calling Submariner.

The company’s logs initially included just browser-trusted CAs, but Google wanted to include CAs that were once trusted and have since been withdrawn from root programs, as well as  new CAs that are on the path to inclusion in browser trusted roots.  The company believes these CAs’ activities are still useful to keep track of.

Submariner will provide a public record of certificates that are not accepted by existing Google-operated logs. Google also wants third parties to suggest additional roots for potential inclusion in Submariner.

Both the good and bad of CAs have been on display the last year. A site launched in December, called Let’s Encrypt, allows webmasters to easily obtain free and automated HTTPS certificates. There have also been misused and compromised CAs, including Google having to block fraudulent certificates it found in Chrome. So having a place that people can check to see what’s happening on the untrusted side of CAs is a good balance.

About the Author

Brian Robinson is a freelance technology writer for GCN.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected