Recent changes in the SSL industry
Since the beginning of 2016, there have been many interesting events in the SSL industry. In this digest, we will try to cover the most important of them and tell you about the plans of some major certificate authorities and companies.
New security indicators in Google Chrome and Mozilla Firefox
In recent months, Mozilla developers have been actively improving and modifying the security and privacy user interface in the Firefox browser. The screenshot shows the changes that have affected the notifications displayed in the browser address bar.
The first change that draws attention is that the icons for sites protected by a DV certificate and by an EV certificate now share the same general appearance. Historically, the Mozilla Firefox padlock icon for sites protected by a DV certificate differed somewhat in its color theme from the icon for sites with EV certificates, which raised many questions from poorly informed users. In the updated version, all inconsistencies have been eliminated and the padlock icons are now the same.
The changes also affected sites that load mixed content. As seen in the screenshot, the notice about it has been revised and has become more understandable.
Thanks to the new design improvements, users are now able to determine whether to trust a site or avoid it.
Google Chrome has also been actively improving. The browser's developers are planning to notify users when a page of a site is insecure (HTTP). For this purpose, Google Chrome will mark the padlock icons of all unencrypted sites with a red cross in the address bar.
Google makes it clear that the web is moving toward a full transition to HTTPS. Many large companies and organizations have supported the initiative, named «Encrypt All The Things», the essence of which boils down to abandoning the traditional, less secure HTTP protocol and moving to HTTPS.
Google announced its plan for a full transition to HTTPS back in 2014. At that time, one of the Chrome Security Team members suggested marking all HTTP sites as "unsafe".
This change will bring more attention to sites that could be potentially unsafe.
It currently remains unclear whether marking all HTTP pages will be enabled by default in Google Chrome. However, you can test it now by typing "chrome://flags" in the browser and selecting «mark non-secure origins as non-secure».
Symantec will expand its support for Certificate Transparency to the entire line of DV certificates
Certificate Transparency is a special option that was introduced by Symantec to provide maximum transparency about companies that have an SSL certificate. All the information related to the certificate is published in special publicly available logs, which helps protect the business reputation of the company. The site owner can always explore the certificates issued for their domain.
Initially, Certificate Transparency was available only for EV certificates; however, on January 19, 2016, Symantec extended it to OV certificates as well.
Beginning February 29, 2016, Symantec plans to introduce support for Certificate Transparency on DV certificates. This will allow visitors to check whether the site they are visiting is trusted or not. If the Certificate Transparency option is disabled, sites with a DV certificate will display a notification that the resource is unsafe. This move will consolidate efforts against phishing with DV certificates.
In the future, Symantec plans to expand its infrastructure to support Certificate Transparency.
SAN Wildcard will be added to Symantec Secure Site, Symantec Secure Site Pro, Thawte SSL Web Server and GeoTrust True BusinessID
Soon it will be possible to add wildcard characters in the SAN field for any domain name. One certificate can contain up to 100 wildcards. At the same time, a SAN Wildcard will cost about the same as the individual wildcard products.
This innovation is planned for March 2016.
Other improvements
Some of the other improvements in the SSL industry that are worth noting:
- Symantec announced increased support for SHA2 Full Chain for all products and applications.
- Introduction of ECC Hybrid technology to Symantec Secure Site Pro and Secure Site Pro Wildcard, which makes it possible to achieve improved protection, efficient performance and high scalability.
As you can see from these changes, the SSL industry is not standing still. In the near future we expect a large-scale transition to HTTPS. The ice has broken: many of the major sites and resources are already using SSL certificates. Do not stay on the sidelines – get an SSL certificate from the leading certification authorities today at LeaderTelecom.