Jeffrey Walton <noloa...@gmail.com> writes:

>Google has read the riot act to Symantec, scolding the security biz for its
>slapdash handling of highly sensitive SSL certificates.

Hardly. It's just TB2F business as usual. If you read the original article:

>Symantec performed another audit and, on October 12th, announced that they
>had found an additional 164 certificates over 76 domains and 2,458
>certificates issued for domains that were never registered.
>
>[...]
>
>Therefore we are firstly going to require that as of June 1st, 2016, all
>certificates issued by Symantec itself will be required to support
>Certificate Transparency.
>
>After this date, certificates newly issued by Symantec that do not conform to
>the Chromium Certificate Transparency policy may result in interstitials or
>other problems when used in Google products.

Translated:

A major CA has blatantly abused its position as a "trusted authority". We will be responding to this abuse of trust by waving our index fingers at them in a vaguely scolding manner. In the future, if it happens again, we might even go so far as to send them a strongly-worded letter, and take them off our Christmas card list.

In the meantime, we would like to congratulate Symantec on their record-breaking $900M profit for the latest financial year, and hope they have many further profitable years securing the Internet with trusted certificates.

Peter.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography