Google Details Plan To Distrust Symantec Certificates

[aneil1998]

On September 11th, 2017, Google has released a blog post about their plans on distrusting Symantec certificates.

 

Quote

On January 19, 2017, a public posting to the mozilla.dev.security.policy newsgroup drew attention to a series of questionable website authentication certificates issued by Symantec Corporation’s PKI.

Quote

Symantec’s PKI business, which operates a series of Certificate Authorities under various brand names, including Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL, had issued numerous certificates that did not comply with the industry-developed CA/Browser Forum Baseline Requirements.

 

They also announced their intention to sell their PKI business to their competitor, Digicert.

Quote

Symantec announced the selection of DigiCert to run this independently-operated Managed Partner Infrastructure, as well as their intention to sell their PKI business to DigiCert in lieu of building a new trusted infrastructure.

 

Google also provided a timeline of relevant dates associated with this plan. Tom's Hardware did an amazing job of summarizing it. 

Quote

Starting with Chrome 66 (we’re now at version 61), the browser will remove trust in Symantec-issued certificates issued prior to June 1, 2016. Website operators that use Symantec certificates issued before that date should be looking to replace their certificates by April 2018, when Chrome 66 is expected to come out.

 

Starting with Chrome 62 (next version), the built-in DevTools will also warn operators of Symantec certificates that will be distrusted in Chrome 66.

 

After December 1, the new infrastructure managed by DigiCert will go into effect, and any new certificates issued by the old Symantec infrastructure will no longer be valid in Chrome.

 

By November 2018, Chrome 70 will come out and will completely remove trust in all Symantec certificates that have ever been issued.

 

Website operators can replace their old Symantec certificates with certificates from DigiCert from December 1 or from any other CA trusted by Google’s Chrome browser.

 

I personally hope that websites do update their certificates and make it public why they are doing it, so others will follow suit.

 

Sources:-

http://www.tomshardware.com/news/google-plan-distrust-symantec-certificates,35428.html

https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html

 

Edit: Changed formatting

 

 

[_Dr_Eye_]

2 minutes ago, aneil1998 said:

On September 11th, 2017, Google has released a blog post about their plans on distrusting Symantec certificates.

 

 

They also announced their intention to sell their PKI business to their competitor, Digicert.

 

Google also provided a timeline of relevant dates associated with this plan. Tom's Hardware did an amazing job of summarizing it. 

 

I personally hope that websites do update their certificates and make it public why they are doing it, so others will follow suit.

 

Sources:-

http://www.tomshardware.com/news/google-plan-distrust-symantec-certificates,35428.html

https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html

 

 

 

I agree. any way who uses semantic??

[aneil1998]

1 minute ago, _Dr_Eye_ said:

I agree. any way who uses semantic??

i personally used to use them in 2015 since other antiviruses always gave me other problems and i had trust in them. But when my license expired later that year, i moved to another antivirus

[Bouzoo]

I haven't had a lot of experience with them in the last few years, but my early days with Norton were unforgettable.

If their certificates are even as half as bad as early 2000 Norton, good riddance. 

 

Anecdote: Norton decided that a brand new just opened CD was virus infested and blocked it in any possible way.

[Belgarathian]

You need to fix your formatting, FYI. 

 

[Creed1]

8 minutes ago, Belgarathian said:

You need to fix your formatting, FYI. 

 

 

Night Theme Exclusive 

 

JK.....

 

It does need fixing though

 

[aneil1998]

24 minutes ago, Belgarathian said:

You need to fix your formatting, FYI. 

 

15 minutes ago, CmzPlusHardware said:

Night Theme Exclusive 

 

JK.....

 

It does need fixing though

 

Should be fixed now. Thanks for telling me

[themctipers]

Just now, aneil1998 said:

 

Should be fixed now. Thanks for telling me

that's a lovely shade that everyone will like

--

 

i used norton until 2015.  

NORTON 2008. 

[sof006]

1 hour ago, Bouzoo said:

I haven't had a lot of experience with them in the last few years, but my early days with Norton were unforgettable.

If their certificates are even as half as bad as early 2000 Norton, good riddance. 

 

Anecdote: Norton decided that a brand new just opened CD was virus infested and blocked it in any possible way.

I had this happen years ago with firefox back when I had my good old Toshiba laptop. Had Norton running and anytime I went to launch any program nothing would load, firefox being the main one. It would magically be blocked and named a virus by Norton. 

[AlTech]

4 hours ago, _Dr_Eye_ said:

I agree. any way who uses semantic??

People use VeriSign to sign Exes and stuff for Windows.

[Nick Burns, Company IT Guy]

6 hours ago, _Dr_Eye_ said:

I agree. any way who uses semantic??

Lots of enterprise solutions.

[LAwLz]

7 hours ago, _Dr_Eye_ said:

I agree. any way who uses semantic??

Symantec*

 

And the answer is a lot of people. For example, Amazon uses a cert from them for their website.

[Akolyte]

Symantec is a huge company, and is used by many other companies.  However, my suspicion is they are discovering their services will eventually become obsolete.  Their certificates are used by massive providers but no doubt many people would rather go with different certificate providers for their websites, like Comodo and LetsEncrypt(for small sites) 

 

So, I think we can expect to see Symantec, and other giants like McAfee and Trend Micro to become more desperate as time continues.  We can even see this trend with Avast, which has become riddled with adware and useless utilities, so has Norton and McAfee which are paid products. 

 

While I worked for AVG, in the later years of 2013 even it was apparent they were starting reduction in demand, even if their share prices were going up. 

[Bananasplit_00]

On 12/09/2017 at 0:41 AM, Bouzoo said:

I haven't had a lot of experience with them in the last few years, but my early days with Norton were unforgettable.

If their certificates are even as half as bad as early 2000 Norton, good riddance. 

 

Anecdote: Norton decided that a brand new just opened CD was virus infested and blocked it in any possible way.

Yah i lived with that, all the way until around 2013 when I got my own laptop... Literally every download it nuked, wanna play a multilayer game? Nope those are security holes to Norton. Want to open a .zip? Nooooo those are all Trojans, can't you see that?