Public Audit Records, Certificate Transparency, Google Chrome and you

Why is Google Chrome complaining about my certificate?

A recent update to Google Chrome now warns users when a certificate does not have public audit records. Chrome puts a yellow triangle over the normal lock display in the location bar and gives a somewhat confusing explanation.

This is all due to a campaign that Google has been driving to make the certificate signing process a matter of public record, so that clients can add a step to the verification process. The technology makes sense: if we are to trust these Certificate Authorities, why can't we see what certificates they are signing and be able to audit them?

Is it safe to use sites that don't use Certificate Transparency?

As with most questions of this type, it depends. If you are submitting private information that you need to keep safe to a third party, such as bank account numbers, birthdates, or social security numbers, it is a good idea to make sure the site is using Certificate Transparency. Recognize that this is a new technology that sits on top of the existing strong encryption technologies you are already using, and it may take time for certain places to implement it.

If you aren't banking, though, you are probably OK. It is a nice standard that would be great to see adopted by all websites, but these types of certificates, especially for academic institutions or non-profits, may be cost- and time-prohibitive to implement.

More information

You can read up on this certificate technology at these sites.