[Cryptography] Google distrusts Symantec for mis-issuing 30,000 HTTPS certs

Henry Baker hbaker1 at pipeline.com
Fri Mar 24 10:28:53 EDT 2017


FYI --

https://arstechnica.com/security/2017/03/google-takes-symantec-to-the-woodshed-for-mis-issuing-30000-https-certs/

Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs

Chrome to immediately stop recognizing EV status and gradually nullify all certs.

Dan Goodin - Mar 23, 2017 11:25 pm UTC

In a severe rebuke of one of the biggest suppliers of HTTPS credentials, Google Chrome developers announced plans to drastically restrict transport layer security certificates sold by Symantec-owned issuers following the discovery they have issued more than 30,000 certificates.

Effective immediately, Chrome plans to stop recognizing the extended validation status of all certificates issued by Symantec-owned certificate authorities, Ryan Sleevi, a software engineer on the Google Chrome team, said Thursday in an online forum.  Extended validation certificates are supposed to provide enhanced assurances of a site's authenticity by showing the name of the validated domain name holder in the address bar.  Under the move announced by Sleevi, Chrome will immediately stop displaying that information for a period of at least a year.  In effect, the certificates will be downgraded to less-secure domain-validated certificates.

https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/eUAKwjihhBs

----
While I applaud Google *in this instance*, what happens when Google starts doing evil?

Why should I trust Google?

Why do I have to trust Google?


