• AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    2
    ·
    5 months ago

    This is the best summary I could come up with:


    From November 1 in Chrome 127, which recently entered beta, TLS server authentication certificates validating to Entrust or AffirmTrust roots won’t be trusted by default.

    The incidents have “eroded confidence in [Entrust’s] competence, reliability, and integrity as a publicly trusted CA owner,” Google stated in a blog.

    “Certification authorities serve a privileged and trusted role on the internet that underpin encrypted connections between browsers and websites,” Google said.

    "Over the past six years, we have observed a pattern of compliance failures, unmet improvement commitments, and the absence of tangible, measurable progress in response to publicly disclosed incident reports.

    Tim Callan, chief experience officer at Sectigo, said in an email to The Reg that the news serves as a reminder to CAs that they must hold themselves to the standards the industry expects of them.

    A spokeperson at Entrust sent a statement to The Register: "The decision by the Chrome Root Program comes as a disappointment to us as a long-term member of the CA/B Forum community.


    The original article contains 647 words, the summary contains 166 words. Saved 74%. I’m a bot and I’m open source!