[eWeek] Google Threatens to Distrust Symantec SSL/TLS Certificates

Industry news items concerning VPNs, darknets, crypto, surveillance and secure computing.
User avatar
Site Admin
Posts: 1262
Joined: Wed Feb 05, 2014 3:47 am

[eWeek] Google Threatens to Distrust Symantec SSL/TLS Certificates

Post by parityboy » Sun Mar 26, 2017 3:47 pm

Google is threatening to stop trusting some Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates issued by Symantec inside of the Chrome web browser. Google alleges that Symantec has failed to properly validate issued certificates, a claim with which Symantec strongly disagrees.

"Since January 19, the Google Chrome team has been investigating a series of failures by Symantec Corporation to properly validate certificates," Ryan Sleevi, staff software engineer at Google, wrote. "Over the course of this investigation, the explanations provided by Symantec have revealed a continually increasing scope of misissuance with each set of questions from members of the Google Chrome team."

Google's initial investigation looked at 127 certificates that may have been misissued, but the list has now expanded to include at least 30,000 certificates issued over a period of several years, according to Sleevi. In October 2015, Google also publicly admonished Symantec over certificates issuance practices.