Why certain P2P sites may soon become inaccessible in Chrome
Post by isecguy on Jul 31, 2017 11:49:08 GMT
Hi Folks,
Most of you may be unaware of this, but earlier this year the Google Chrome Team found some serious failings in the way that Symantec had been issuing SSL certificates to websites (SSL certificates are what allow us to access websites over https instead of insecure http). As a result, Google have publicly stated that they intend to soon start blocking websites in Chrome that use security certificates issued by Symantec (and their affiliates, GeoTrust, RapidSSL, and Thawte) that are older than certain ages.
Specifically, after August 31st, Chrome 60 will begin blocking security certificates issued by Symantec & affiliates where the certificate length (i.e. the period between the date the certificate was valid from and the date it's valid until) exceeds 27 months.
Chrome 61 will begin blocking security certificates issued by Symantec & affiliates where the certificate length exceeds 21 months.
Chrome 62 will begin blocking security certificates issued by Symantec & affiliates where the certificate length exceeds 15 months.
Chrome 64 onwards will block security certificates issued by Symantec & affiliates where the certificate length exceeds 9 months.
Having analysed the security certificates of all 44 UK P2P sites which have their own forums here, presently, the following platforms currently utilize security certificates issued by the aforementioned companies:
Thawte:
- ablrate.com
- assetzcapital.co.uk
- investandfund.com
- ratesetter.com
GeoTrust:
- archover.com
- collateraluk.com
- landbay.co.uk
- relendex.com
- wisealpha.com
Symantec:
- huddlecapital.com
- moneything.com
- octopuschoice.com
- peerfunding.co.uk
- proplend.com
However, the key factor here is how long each of these sites' current certificates has been issued for:
37 months - ratesetter.com
26 months - ablrate.com
26 months - moneything.com
24 months - archover.com
24 months - landbay.co.uk
24 months - octopuschoice.com
24 months - proplend.com
24 months - relendex.com
12 months - assetzcapital.co.uk
12 months - collateraluk.com
12 months - huddlecapital.com
12 months - investandfund.com
12 months - peerfunding.co.uk
12 months - wisealpha.com
Based on the current expiry date of each site's certificate, this potentially means that the following sites will soon start to become inaccessible:
Chrome 60: (Released July 25th, 2017) (certificate limit of 27 months)
- ratesetter.com
Chrome 61 (ETA September, 2017) (certificate limit of 21 months)
- ablrate.com
- archover.com
- landbay.co.uk
- moneything.com
- octopuschoice.com
- proplend.com
- relendex.com
Chrome 64 ("Early" 2018) (certificate limit of 9 months)
- collateraluk.com (current certificate expires Mar 18)
- investandfund.com (current certificate expires Feb 18)
- huddlecapital.com (current certificate expires Jun 18)
It's therefore quite important that the above P2P sites take action to renew/re-issue their site's security certificates (and ensure that their new certificates are valid for no longer than 9 months), or perhaps more preferably switch to another certificate issuing authority (CA) - (I note that only a few days ago fundingknight.com's security certificate was up for renewal with GeoTrust, and they've now instead switched to Comodo)
It should be noted that whilst assetzcapital.co.uk, peerfunding.co.uk, wisealpha.com currently have certs issued by the affected companies, they are due to expire within the next couple of months, and so shouldn't be affected by the above incremental restrictions on certificate validity lengths in Chrome.
However, I'd encourage all P2P sites with security certificates issued by Symantec, GeoTrust, RapidSSL, or Thawte, to consider switching to less controversial and more trusted CAs for the benefit of their users!
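A site operator can run the same check the post describes against their own certificate. The following is an added example, not part of the original post: it takes certificate fields in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`, computes the validity length in months, and reports the first Chrome version (using the limits listed in the post) that would reject it. The brand-name match on the issuer and the sample certificates are assumptions constructed for illustration, and the check does not consider whether the certificate expires before that Chrome version ships.

```python
import ssl
from datetime import datetime, timezone

# (Chrome version, maximum validity in months), as listed in the post above.
CHROME_LIMITS = [(60, 27), (61, 21), (62, 15), (64, 9)]
# Assumption: affected issuers are recognised by brand name in the issuer DN.
AFFECTED_BRANDS = ("symantec", "geotrust", "rapidssl", "thawte")

def _parse(cert_time):
    # getpeercert() dates look like "Jun 10 00:00:00 2015 GMT".
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)

def validity_months(cert):
    """Months between notBefore and notAfter; a partial month counts as one."""
    start, end = _parse(cert["notBefore"]), _parse(cert["notAfter"])
    months = (end.year - start.year) * 12 + (end.month - start.month)
    if (end.day, end.time()) > (start.day, start.time()):
        months += 1
    return months

def is_affected_issuer(cert):
    """True if any issuer attribute value contains an affected brand name."""
    values = " ".join(v for rdn in cert.get("issuer", ()) for _, v in rdn).lower()
    return any(brand in values for brand in AFFECTED_BRANDS)

def first_blocking_chrome(cert):
    """First Chrome version whose limit this certificate exceeds, else None."""
    if not is_affected_issuer(cert):
        return None
    months = validity_months(cert)
    return next((ver for ver, limit in CHROME_LIMITS if months > limit), None)

def _cert(org, not_before, not_after):
    # Same dict shape as ssl.SSLSocket.getpeercert() returns.
    return {"issuer": ((("organizationName", org),),),
            "notBefore": not_before, "notAfter": not_after}

# Constructed sample certificates (hypothetical hosts, not real site data).
SAMPLES = {
    "a.example": _cert("thawte, Inc.", "Jun 10 00:00:00 2015 GMT", "Jul 10 00:00:00 2018 GMT"),
    "b.example": _cert("GeoTrust Inc.", "Sep 10 00:00:00 2016 GMT", "Sep 10 23:59:59 2018 GMT"),
    "c.example": _cert("Symantec Corporation", "Jun 15 00:00:00 2017 GMT", "Jun 15 00:00:00 2018 GMT"),
    "d.example": _cert("COMODO CA Limited", "Jul 20 00:00:00 2017 GMT", "Jul 20 00:00:00 2019 GMT"),
}

if __name__ == "__main__":
    for host, cert in SAMPLES.items():
        print(host, validity_months(cert), "months ->", first_blocking_chrome(cert))
```

For a live host, the same dict comes from `getpeercert()` on a socket wrapped with `ssl.create_default_context()`.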