Google Chrome will use its own Root Store in the future

[harlan4096]

Google plans to transition from using the operating system's Root Store to the Chrome Root Store, that is maintained by Google and included in the Chrome browser.

Google Chrome uses the operating system's Root Store currently to access Certification Authorities (CA). All operating systems maintain a list of root certificates that the operating system and applications that run on it use for various purposes.

The browser uses these to establish secure connections to websites, and to determine the authenticity of a site.

Google wants to transition away from using the operating system's Root Store for verification purposes; one of the main reasons for doing so is to ensure that the same root certificates are available on all platforms the browser is compatible with.
 

This will ensure users have a consistent experience across platforms, that developers have a consistent understanding of Chrome's behavior, and that Chrome will be better able to protect the security and privacy of users' connections to websites.

The exception to the rule is Apple's iOS operating system as it prevents Chrome and other third party programs from using their own Root Stores.

Chrome on all other supported platforms, namely Windows, Linux, Mac OS X, Android and Chrome OS will be transitioned to its own Root Store.

Google has selected a number of Certification Authorities for inclusion in the Transitional Root Store. Some of these were picked based on their reliability and performance in the past to promote "interoperability on different devices and platforms" and to minimize compatibility issues.

Google used public and verified information, such as information from Mozilla's Common CA Certificate Database, to verify Certification Authorities.

Certification Authorities that have not been selected by Google may request inclusion by following a procedure outlined on this page on the Google website.

Google is not the first company that introduces its own Root Store in its browser. Mozilla switched to its own Root Store in the past in the organization's Firefox web browser, for very much the reasons that Google is highlighting. Browser makers get more control over the Certification Authorities that the browser trusts, and may react quicker to security or privacy issues than was the case in the past.

Firefox includes options to use the operating system's Certificate Store instead of the browser's one through policies.

The transition to its own Root Store will add more to the workload of administrators, provided that Chrome is used by the organization. For users, not much will change provided that the transition is smoothly.

Now You: What is your take on the change? Do you check certificates and Root Stores on your devices?
...

Continue Reading