Google has announced that they are rolling out Google Trust Services in order to help bring security and authentication certificates, one of the cornerstones of web security, up to par with their own rigorous security standards. One type of security certificate that’s fairly common on the web is a root certificate, which is an authentication certificate issued by a trusted authority, somebody who is trusted to verify that a certificate holder such as a website or domain is who they say that they are. Since getting everything set up to embed and issue root certificates takes a while, Google has kickstarted the process by buying up two existing authorities, GlobalSign R2 and R4. The opening of Google Trust Services marks the first time that Google will be issuing root certificates to third parties, let alone by way of a dedicated authority.
For the time being, Google is going to continue operating their existing GIAG2 certificate authority on a transitional basis. Google has included a table of root certificate types that they will be operating going forward, and when their current claim to those types expires. This, of course, means that webmasters and developers creating anything that connects to Google services or servers in any way will have to include all of the certificates listed. This includes web pages, apps, and even hardware devices.
This effort is part of Google’s ongoing push to make the web a bit more secure, which includes their efforts to essentially invalidate the old, insecure HTTP standard in Chrome, and depreciate Adobe Flash, a web program known to be insecure, and a resource hog. In essence, Google is trying to do in the web security space what T-Mobile has done in the wireless space, which is to force change by implementing the change themselves and using their influence to hold their own standards and practices above those of competitors. The difference is that unlike T-Mobile, Google is not a maverick in this mission, and they’re certainly not alone – Mozilla, for example, is walking this path by their side in the form of mimicking Chrome’s security-minded features in their own Firefox browser, a popular option with those who decide against using Chrome or Chromium in order to avoid handing over their data to Google, and being among the first to support and subscribe to Google’s standards.
