Germany’s cyber-security agency is working on a set of minimum rules that modern web browsers must comply with in order to be considered secure. From a report: The new guidelines are currently being drafted by the German Federal Office for Information Security (or the Bundesamt fur Sicherheit in der Informationstechnik — BSI), and they’ll be used to advise government agencies and companies from the private sector on what browsers are safe to use. A first version of this guideline was published in 2017, but a new standard is being put together to account for improved security measures added to modern browsers, such as HSTS, SRI, CSP 2.0, telemetry handling, and improved certificate handling mechanisms — all mentioned in a new draft released for public debate last week. According to the BSI’s new draft, to be considered “secure,” a modern browser must follow the following requirements, among others: Must support TLS, must have a list of trusted certificates, must support extended validation (EV) certificates, must verify loaded certificates against a Certification Revocation List (CRL) or an Online Certificate Status Protocol (OCSP); the browser must use icons or color highlights to show when communications to a remote server is encrypted or in plaintext, connections to remote websites running on expired certificates must be allowed only after specific user approval; must support HTTP Strict Transport Security (HSTS) (RFC 6797). Further reading: Germany and the Netherlands To Build the First Ever Joint Military Internet.
of this story at Slashdot.
Source:: Slashdot