Submitted via IRC for TheMightyBuzzard
Google announced in March its intent to stop trusting all Symantec-issued digital certificates due to the certificate authority's failure to play by the rules. Symantec, its subsidiaries and its partners had been accused of making too many exceptions to the Baseline Requirements (BR) in favor of their customers.
The developer of the Chrome web browser initially proposed reducing the validity period of newly issued Symantec certificates to nine months or less, gradually distrusting and replacing all existing certificates, and removing extended validation (EV) status from Symantec certificates.
[...] After some debate, Google made a second proposal that involves Symantec partnering with one or more existing CAs and using their infrastructure and validation process. Symantec would still handle business relations with customers and all CAs would be cross-signed by the company.
[...] Mozilla has advised Symantec to accept Google's second proposal and said it's open to discussing its implementation. However, if Symantec refuses, Mozilla may take alternative action to "reduce the risk from potential past and future mis-issuances by Symantec, and to ensure future compliance with the BRs and with other root program requirements."
Source: http://www.securityweek.com/mozilla-tells-symantec-accept-googles-ca-proposal
(Score: 3, Insightful) by bradley13 on Thursday May 04 2017, @06:07PM (3 children)
Still, they should have been distrusted (detrusted?). If it nukes a third of the Internet, then it does - any place that matters would replace their cert within a day. Heck, give customers a week's warning, and the effect would be negligible.
Google is being far too nice.
Everyone is somebody else's weirdo.
(Score: 2) by zocalo on Thursday May 04 2017, @06:32PM (2 children)
UNIX? They're not even circumcised! Savages!
(Score: 2) by edIII on Thursday May 04 2017, @07:28PM (1 child)
I can't imagine why Symantec wouldn't take the deal. Considering what has happened, they are being allowed to *continue* to service the customer accounts, take money, and basically operate.
This is forced outsourcing if anything, and a 3rd party company saying we're going to help with the Q&A and cross sign your certs. They failed at the core business of a CA, and now have others helping them.
I'm reminded of Deadpool here:
They're being allowed to live and make money. That's pretty damn gentle lover-like treatment to me :)
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2) by zocalo on Thursday May 04 2017, @09:30PM
UNIX? They're not even circumcised! Savages!