Google intends to make changes in its Chrome browser later this year that would have Chrome display a warning on websites using certificates based on the secure hash algorithm, SHA-1. Google wants to do this to get websites migrating to the stronger SHA-2 algorithm for certificates, which is not as easy to break through raw computing power.
Certificate authority vendors are calling Google's plan overly aggressive in its timeframe, and say it's likely to cause mass confusion right as the holiday shopping season commences.
Google's Chrome browser is expected to be changed in the November timeframe so that users will find that when they visit websites that use SHA-1-based certificates, the browser will give them a warning that could surprise them, says Dean Coclin, senior director of business development at Symantec. Coclin is active in two industry groups, the Certificate Authority Browser Forum and the CA Security Forum, which are carefully monitoring Google's plan.
The surprise would be that an updated version of Chrome, when used to reach a website with a SHA-1 certificate, will give the user a "Secure, but minor errors" icon in the form of a lock with a yellow triangle. That is the same icon shown when Chrome detects insecure content in a page but decides to load it anyway.
Ryan Sleevi, senior software engineer at Google, revealed the plan Aug. 20 in a Google online developer forum and it has led to some uproar over the past month. The CA Security Council, which includes the seven largest certificate authorities, expressed its concerns in a statement shortly thereafter.
"Considering many users may still use software lacking SHA-2 support, primarily Windows XP SP2, and the still unknown impact on a complete SHA-1 migration, this 12 week timeframe is aggressive," the group said. "In addition, many devices still lack SHA-2 support, making necessary possibly unplanned and expensive upgrades. With fall shopping season nearly here, this policy may be particularly concerning for small Internet stores, which could be impacted just before the holiday rush." The Council is urging "all website operators to accelerate their SHA-2 deployment where possible."
Google is hardly alone in its desire to see SHA-1 phased out, as the weakness of the SHA-1 algorithm has long been widely recognized.
Jeremy Rowley, vice president of business development at DigiCert, also on the CA Security Forum steering committee, said it's known that massive amounts of computing power could break SHA-1, though it's currently not thought to be practical for most attackers. It's assumed that some organizations, such as spy agencies with a lot of computing resources, probably can do this however. Breaking the SHA-1 hash brings the danger it could be replaced with another, compromising message integrity.
The certificate-authority industry has generally backed the timeline to migrate to SHA-2 announced by Microsoft last year, which calls for deprecation of SHA-1 in code signing certificates by Jan. 1, 2016 and in SSL certificates by Jan. 1, 2017. The certificate authorities would prefer that Google stick with the timeframe set by Microsoft to avoid confusion to website operators and web users.
"Users are thrown into this confusing game with confusing dates," says Rowley. But despite pleas to Google to slow down what's seen as an accelerated timeframe, "they're ignoring us," he says.
In the online forum, Sleevi thanks those who "participated in these spirited discussions, shared data and experience," and the SHA-1 plans he outlines mention "a rough timeline of changes."
Sleevi also noted that Google plans to "monitor user feedback (both manual and automated), feedback from affected vendors, ISVs, and enterprises, feedback from site operators, trends in the overall TLS ecosystem and considerations from CAs with these dates, but these represent real and achievable goals for an effort that began nearly a year ago in force, nearly 3 years ago in spirit, and 9 years after practical weaknesses were demonstrated."