Put your trust in knowing untrusted certificate authorities

Confidence in browsing the web or conducting online transactions depends on the veracity of digital certificates that are issued by certificate authorities (CAs) to help ensure secure Internet connections. While it’s important to know which CAs can be trusted, Google has started to maintain a list of untrusted CAs, which it’s calling Submariner.

The company’s logs initially included just browser-trusted CAs, but Google wanted to include CAs that were once trusted and have since been withdrawn from root programs, as well as new CAs that are on the path to inclusion in browser-trusted roots. The company believes these CAs’ activities are still useful to keep track of.

Submariner will provide a public record of certificates that are not accepted by existing Google-operated logs. Google also wants third parties to suggest additional roots for potential inclusion in Submariner.

Both the good and bad of CAs have been on display over the last year. A site launched in December, called Let’s Encrypt, allows webmasters to easily obtain free and automated HTTPS certificates. There have also been misused and compromised CAs, including Google having to block fraudulent certificates it found in Chrome. So having a place that people can check to see what’s happening on the untrusted side of CAs is a good balance.

About the Author

Brian Robinson is a freelance technology writer for GCN.

