[Cryptography] Google distrusts Symantec for mis-issuing 30,000 HTTPS certs
Henry Baker
hbaker1 at pipeline.com
Fri Mar 24 10:28:53 EDT 2017
FYI --
https://arstechnica.com/security/2017/03/google-takes-symantec-to-the-woodshed-for-mis-issuing-30000-https-certs/
Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs
Chrome to immediately stop recognizing EV status and gradually nullify all certs.
Dan Goodin - Mar 23, 2017 11:25 pm UTC
In a severe rebuke of one of the biggest suppliers of HTTPS credentials, Google Chrome developers announced plans to drastically restrict transport layer security certificates sold by Symantec-owned issuers following the discovery they have issued more than 30,000 certificates.
Effective immediately, Chrome plans to stop recognizing the extended validation status of all certificates issued by Symantec-owned certificate authorities, Ryan Sleevi, a software engineer on the Google Chrome team, said Thursday in an online forum. Extended validation certificates are supposed to provide enhanced assurances of a site's authenticity by showing the name of the validated domain name holder in the address bar. Under the move announced by Sleevi, Chrome will immediately stop displaying that information for a period of at least a year. In effect, the certificates will be downgraded to less-secure domain-validated certificates.
https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/eUAKwjihhBs
----
While I applaud Google *in this instance*, what happens when Google starts doing evil?
Why should I trust Google?
Why do I have to trust Google?