Apr 1, 2011 16:52 GMT

Google is working on implementing stricter digital certificate verification mechanisms in Chrome, based on a technology it already has.

The security industry is still actively discussing the recent compromise of a Registration Authority (RA) that resulted in rogue digital certificates for high-profile domains being issued by Comodo.

Following the incident, browser vendors and security specialists have begun working together to find methods of improving the public key infrastructure (PKI), which is used to establish trust online.

However, while the involved parties are in agreement on some aspects, there are significant differences in the approaches they prefer.

For example, Google announced on its Online Security blog that it plans to begin relying on its Certificate Catalog to validate certificates.

The Google Certificate Catalog is a database of certificates the company's crawlers have discovered on the Internet, correlated with some additional information such as the date when they were first seen and the last time they were active.

Using this information could help browsers determine whether a certificate is suspicious, even if it is signed by a trusted Certification Authority (CA) like Comodo.
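The kind of lookup described above, as an added sketch that is not Google's or Chrome's code: the in-memory catalog, the verdict names, the two thresholds and the certificate bytes are all constructed assumptions.

```python
import hashlib
from datetime import date

# Assumed thresholds (not from the article): how recent a first sighting, or
# how old a last sighting, is treated as worth flagging.
MIN_AGE_DAYS = 7
MAX_IDLE_DAYS = 90

def fingerprint(der: bytes) -> str:
    """Hex SHA-256 over the DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def catalog_verdict(der: bytes, catalog: dict, today: date) -> str:
    """Second opinion on a certificate that already passed chain and hostname
    validation. catalog maps fingerprint -> (first_seen, last_seen)."""
    entry = catalog.get(fingerprint(der))
    if entry is None:
        return "unseen"        # validly signed, but the crawler never saw it
    first_seen, last_seen = entry
    if (today - first_seen).days < MIN_AGE_DAYS:
        return "new"           # in the catalog, but only just
    if (today - last_seen).days > MAX_IDLE_DAYS:
        return "stale"         # known once, not observed in use lately
    return "established"

# Constructed stand-ins for DER bytes; a real caller would hash the bytes of
# the certificate the server actually presented.
LEGIT = b"constructed: long-lived certificate for login.example.test"
RENEWED = b"constructed: legitimate renewal for login.example.test"
RETIRED = b"constructed: retired certificate for login.example.test"
ROGUE = b"constructed: mis-issued certificate for login.example.test"

CATALOG = {  # constructed sample entries
    fingerprint(LEGIT): (date(2010, 6, 1), date(2011, 3, 30)),
    fingerprint(RENEWED): (date(2011, 3, 29), date(2011, 3, 31)),
    fingerprint(RETIRED): (date(2009, 1, 10), date(2010, 2, 1)),
}
TODAY = date(2011, 4, 1)

def demo() -> dict:
    samples = {"legit": LEGIT, "renewed": RENEWED,
               "retired": RETIRED, "rogue": ROGUE}
    return {name: catalog_verdict(der, CATALOG, TODAY)
            for name, der in samples.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:8} {verdict}")
```

A legitimate renewal also comes back as "new" (or "unseen" until it is crawled), so the verdict is a signal to weigh rather than proof of mis-issuance.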

"The basic idea is that if a certificate doesn’t appear in our database, despite being correctly signed by a well-known CA and having a matching domain name, then there may be something suspicious about that certificate," Google says.

The company is investigating methods of providing an opt-in mechanism in Chrome, which would force the browser to perform this extra check.

"We hope other browsers will in time consider acting similarly," the company writes. However, it's probably unlikely that other vendors will introduce a Google-dependent feature.

Other, more uniform methods, including one that relies on DNSSEC, are being considered, but they will take time to deploy.

Google admits its Certificate Catalog method is derived from the Perspectives project developed at Carnegie Mellon University (CMU), which uses a similar approach based on notaries.