2 months ago
1
Cash prizes amounting to ₹3.4 crore are being promised to developers who assistance make an indigenous Indian web browser “for the world”, the Ministry of Electronics and Information Technology announced connected Wednesday. An important caveat is that browser ideas entered into this contention volition person to spot the Controller of Certifying Authorities (CCA), the Indian government’s authorization for integer signatures, including SSL (Security Sockets Layer) certificates.
SSL certificates are utilized to encrypt websites and to marque definite that browsers cognize that a website is not being modified oregon impersonated by attackers. Browsers cognize to spot these certificates if they are issued by a certifying authorization that is successful crook trusted by a ‘root certifying authority’. India does not person a basal certifying authorization trusted by large browsers similar Google Chrome, Mozilla Firefox, and Microsoft Edge.
This has led to a concern wherever the authorities operates a basal certifying authorization that is legally valid nether Indian instrumentality — the Root Certifying Authority of India, acceptable up successful 2000 nether the CCA — but the certificates issued nether its purview are mostly not recognised by web browsers, starring Indian authorities and backstage websites to acquisition SSL certificates from overseas certifying authorities.
This follows astatine slightest 1 large information lapse linked to an Indian certifying authority. One CCA-approved organisation — the National Informatics Centre (NIC), which hosts and maintains respective Union and State Government websites — has had a contentious past arsenic acold arsenic being trusted by browsers goes.
In July 2014, operating systems specified arsenic Windows and web-browser developers for Google Chrome and Firefox stopped trusting India’s CCA successful their ‘root store,’ a repository of trusted basal certifying authorities, aft the NIC appeared to contented fraudulent certificates to websites. The CCA revoked NIC’s authorisation for issuing astir SSL certificates, but operating systems and browsers inactive bash not person RCAI-approved authorities successful their spot stores.
Even the website of the Indian Web Browser Development Challenge, arsenic the contention is called, bears an SSL certificate done Let’s Encrypt, a non-profit inaugural by the California-based Internet Security Research Group.
Most of CCA’s enactment is presently astir integer signatures accepted connected documents; but connected SSL certificates, Indian websites person had to defer to the trustworthiness of certifying authorities abroad. Officials person framed the effort to make a browser that trusts Indian certifying authorities arsenic a substance of reducing overseas dependence.
“There is simply a immense magnitude of overseas speech outflow which is happening” to overseas certifying authorities, Arvind Kumar, the Controller of Certifying Authorities, said astatine the competition’s launch. “Around ₹100 crore are being spent buying these SSL certificates overseas annually.”
The contention is being organised and financed successful collaboration with the IT Ministry’s Research and Development part and the National Internet Exchange of India.
