Google has inevitably become its own root Certificate Authority, allowing it to issue digital certificates for its products rather than rely on third party certs to validate Google properties.
To facilitate Google’s position as a root CA, the company said it has acquired existing root CAs from GlobalSign: R2 and R4.
“These Root Certificates will enable us to being independent certificate issuance sooner rather than later,” said Ryan Hurst, a manager in Google’s Security and Privacy Engineering outfit.
Until now, Google has been operating as its own subordinate CA (GIAG2) with SSL and TLS certs issued by a third party for Google products; Hurst said Google will continue to do so.
“Google has obviously been wanting to move to its own infrastructure for a while. There’s no real reason they should continue trusting the legacy CA infrastructure. This gives them a bit more independence. And of course, it means that they alone can issue verifiably ‘Google’ certificates,” said Matthew Green, a professor of cryptography at Johns Hopkins University.
“Although on the flip side they’ve put in place a whole bunch of protections already in products like Chrome that make it hard to impersonate Google properties, so this seems like an incremental move,” Green said.
Google has published the root certificates it manages, and expects developers who build software and applications that need to connect to Google to include the certs as trusted. It also may choose to operate subordinate CAs under third-party operated roots, Hurst said.
“For this reason if you are developing code intended to connect to a Google property, we still recommend you include a wide set of trustworthy roots,” Hurst said.
The fragile state of CAs and certificate management has manifested itself in a number of high-profile mishaps, including a GlobalSign certificate revocation error last fall affecting availability of sites on the web, and a loss of trust in WoSign/StartCom and CNNIC certificates for violations of industry standard practices. Revoking certificates that already live in browsers, operating systems, networking gear and servers is a chore. Google’s entry into the fray as a root CA puts the entire system under greater scrutiny.
“Google engineering has the expertise, maturity and—crucially—the resources to operate a top-level trust like this, but they will no doubt be held to even tighter scrutiny going forward,” said Kenneth White, security researcher and director of the Open Crypto Audit Project. “For example, the significant advances the industry has made with certificate transparency is a double-edged sword. One of the main ‘watchers’ will now be, without having to rely on intermediate 3rd parties, one of the most watched.”
Google has spearheaded Certificate Transparency, a public roll of trusted certs that can be audited and monitored, and announced last October that it would be mandatory later this year.
“Initiatives like Mozilla and EFF’s SSL Observatory, Comodo’s crt.sh, and other public monitoring will be more important than ever,” White said. “The advice to developers is continue to advance current practice with strict transport security (HSTS), certificate pinning where it makes sense, use strong authenticated encryption cipher suites with modern Forward Secret protocols (AEAD, TLS 1.2, SHA-2 or higher), secure cookies, avoiding mixing insecure content, use relatively short duration TLS certificates (90 days vs. 2 or 3 years), and so on.”