Monday, December 23, 2024

What Google’s latest move on Entrust certificates means for Chrome users

When users visit websites that use an Entrust certificate, they’ll get security warnings indicating that the site is not secure

Last week Google announced that its Chrome browser will no longer trust TLS certificates from Entrust starting November 1, 2024.

Google’s decision, it argued, was due to “a pattern of concerning behaviors by Entrust”. Entrust is among the world’s largest digital certificate providers, with customers all over the world.

According to security company AppViewX, Google’s decision will impact a large number of websites. It believes 21 percent of Fortune 1000 companies use certificates from Entrust. Many of these, like banks and ecommerce portals, serve individuals.

After the deadline, websites that still depend on Entrust “will be marked as distrusted in Google Chrome”, explains Murali Palanisamy, chief solutions officer at AppViewX.

“This poor web experience will not allow the individual to interact, communicate or conduct business with the company,” says Palanisamy. This, he says, will negatively impact its reputation and lead to potential customer churn and revenue loss.

How will it affect users?

Morey Haber, chief security advisor, BeyondTrust, believes Google’s decision on Entrust “marks a significant shift in trusted Internet security”.

He says it’ll impact individuals, machine-to-machine automation, and their web experiences. When users visit websites that use an Entrust certificate, they’ll get security warnings indicating that the site is not secure.

“These warnings are not mere annoyances; they serve as crucial indicators that the connection or website might be compromised,” explains Morey. He says these warnings urge users to proceed with caution or avoid the site altogether. He believes that in many corporate environments, users may be blocked altogether from proceeding, based on their internet policy.

“This can lead to confusion, frustration, lost productivity, etc. especially for those who do not fully understand the technical nuances behind this dispute,” says Haber.

Alexey Lukatsky, managing director, Positive Technologies, argues that while the situation is unpleasant, its impact will be limited. “First of all, it will only affect users of Google Chrome,” explains Lukatsky. “Users of Firefox, Safari and Edge, unless their manufacturers take the same decision, will not even notice anything.”

He says that even Chrome users can ignore these warnings and continue to the site. However, this isn’t something he recommends.

“It can be assumed that users will not visit these sites as often unless the owners switch their Entrust certificate to another service provider, which would be a preferable option for the site owners,” says Lukatsky.

It’s actually a good thing

Haber argues that while the news might seem negative, the enforcement and removal of Entrust could lead to positive results.

“This move underscores the risks and repercussions of allegedly not maintaining the highest standards in certificate issuance and management and ensuring the integrity and security of online communications between every and all public websites,” reasons Haber.

He believes Google’s decision is a proactive step towards fortifying the security of the Internet. “It highlights the critical role of robust certificate management in safeguarding user data and maintaining the integrity of online interactions.”

At first, it’ll be a challenge for Chrome users to access some websites. Ultimately though, Morey believes it’ll enhance security and trust in the web if the presented facts are accurate. “Google is technically enhancing the overall security of the Internet.”

In a blog post, Todd Wilkinson, president and CEO of Entrust, said that the company is disappointed by Google’s decision.

Although he argues that Google got its facts wrong, he laid out the changes they’ll be making going forward. “We understand what led us here. We are committed to improvement,” said Wilkinson.

That might sound like an admission of guilt, but Morey believes the Google-Entrust saga is just getting started.

“It is, however, to be seen if this step is legal,” says Morey.

He argues that Google’s decision could potentially do significant financial and reputational damage to Entrust. This leads him to speculate that lawsuits between the two will soon make headlines.
