Making a push for an indigenous web browser, the Union Government on Thursday (March 20, 2025) awarded the Tenkasi-based Zoho Corporation with a ₹1 crore prize for a web browser development challenge. A key condition for the browser, though, has highlighted the principal motivation for the project: the browser, Ulaa, must trust India’s so-called root certifying authority.
This is also meant to be contingency planning, to ensure that if India’s access to the global Internet is ever cut off, due to some unforeseen security scenario, it will still be possible to have a completely operational browser within the country.
Indian root certificate
Root certifying authorities are around 100 organisations around the world who can confer trustworthiness to firms that issue Secure Socket Layer (SSL) certificates, which are represented by the “https” on a web address. On most mainstream web browsers, a green lock icon with the “https” in the URL indicates an encrypted and legitimate connection to any given website.
The Controller of Certifying Authorities (CCA) — a body set up under the Ministry of Electronics and Information Technology — has already created an Indian root certificate. But after a security breach in 2014, where the Government’s National Informatics Commission (NIC)’s systems were used to generate fake SSL certificates for sites like Google and Yahoo, web browsers and operating systems stopped including the CCA’s certificates in their software repositories.
The ₹1 crore prize — announced in 2023 and conferred this week to Zoho — was to create a web browser that trusts the latest iteration of this root certificate anyway. Only one Indian organisation — the private company eMudhra’s emSign — is currently trusted as a root certifying authority by browsers around the world.
Internet resilience
Arvind Kumar, the current CCA, said on Thursday (March 20, 2025) that Ulaa would help the Government to navigate “the multiple kinds of negotiation compliances which [major browsers] are proposing on us,” and that “we should be able to have a good negotiating stage while developing while working with Mozilla or Google”.
Mr. Kumar added that the browser would allow for an “indigenous authentication mechanism and enhance cyber security”.
IT Secretary S. Krishnan said that a domestic browser would be “a key step in achieving Internet resilience for the country,” and that it was important that “resilience aspects are taken care of and we have a browser that we can trust”.
Mr. Krishnan also evoked a darker possibility: that India may at some point, perhaps due to undersea cable cuts, be disconnected from the global web. “In a situation where our access to the Internet globally may get cut off, to have it completely operational within the country… Today’s efforts will be key in strengthening the resilience of the Internet within the country,” he said.
Published - March 21, 2025 09:07 pm IST
