Google unveils SSL security plans post Comodo attack

Google has revealed its plans for securing Secure Sockets Layer (SSL) certificates, as the security industry attempts to move on from the Comodo security breach.

In a posting to the Google Online Security blog, security team engineer Ben Laurie outlined plans for two projects which the company hopes will help to prevent future security incidents and restore trust in online certificates.

The first is an online catalogue for certificates. Laurie explained that Google is using its web crawling software to pore over sites and gather information on security certificates.

The company plans to turn the collection into the Google Certificate Catalog, a database of SSL certificates allowing for connections to verify the authenticity of online certificate data.

Google will also work with the DNS-based Authentication of Named Entries working group which is building a platform that can specify and validate the signing of online certificates.

"In the wake of the recent Comodo fraud incident, there has been a great deal of speculation about how to improve the Public Key Infrastructure on which the security of the internet rests," Laurie wrote. "Unfortunately, this isn't a problem that will be fixed overnight."

Laurie was referring to the recent crisis with security firm Comodo in which a hacker was able to gain access to company data and generate fake security certificates.

A hacker from Iran later claimed responsibility for the attacks.