SoylentNews is people

posted by martyb on Thursday May 04 2017, @04:32PM
from the Symantec's-antics dept.

Submitted via IRC for TheMightyBuzzard

Google announced in March its intent to stop trusting all Symantec-issued digital certificates due to the certificate authority's failure to play by the rules. Symantec, its subsidiaries and its partners had been accused of making too many exceptions from Baseline Requirements (BR) in favor of their customers.

The developer of the Chrome web browser initially proposed the reduction of the validity period for newly issued Symantec certificates to nine months or less, gradual distrust and replacement of all existent certificates, and the removal of extended validation (EV) status for Symantec certificates.

[...] After some debate, Google made a second proposal that involves Symantec partnering with one or more existing CAs and using their infrastructure and validation process. Symantec would still handle business relations with customers and all CAs would be cross-signed by the company.

[...] Mozilla has advised Symantec to accept Google's second proposal and said it's open to discussing its implementation. However, if Symantec refuses, Mozilla may take alternative action to "reduce the risk from potential past and future mis-issuances by Symantec, and to ensure future compliance with the BRs and with other root program requirements."

Source: http://www.securityweek.com/mozilla-tells-symantec-accept-googles-ca-proposal


  • (Score: 2, Disagree) by mcgrew on Thursday May 04 2017, @07:05PM (1 child)

    by mcgrew (701) <publish@mcgrewbooks.com> on Thursday May 04 2017, @07:05PM (#504479)

    I ran across one in Firefox yesterday from Google News, despite there being no reason at all to need a security certificate for a well-known newspaper. It was hard (and annoying) to get past the multiple warning screens. It isn't like I was buying something or downloading software; those are the places that need certificates.

    My guess was that one of their advertisers had a bad cert.

    --
    mcgrewbooks.com mcgrew.info nooze.org
  • (Score: 2) by KiloByte on Thursday May 04 2017, @09:41PM

    by KiloByte (375) on Thursday May 04 2017, @09:41PM (#504545)

    > My guess was that one of their advertisers had a bad cert.

    Yet another thing that Request Policy fixes. Or at least Adblock with a good list, but advertisers multiply like the vermin they are, so a blacklist-based approach is never accurate enough.

    --
    Ceterum censeo systemd esse delendam.