Google threatens action against Symantec-issued SSL website certificates

Discussion in 'Windows' started by Sefie, Oct 29, 2015.

  1. Sefie


    Thaaaaaaaaaaaaaaaank you, Google!!!


    Google wants Symantec to disclose all certificates issued by its SSL business going forward, after what Google considers a botched investigation into how Symantec employees issued SSL certificates for domain names that the company did not own.

    The browser maker also wants the security firm to publish a detailed analysis of how the incident was investigated.

    Through its acquisition of Verisign’s authentication business unit in 2010, Symantec became one of the largest certificate authorities (CAs) in the world. Such organizations are trusted by browsers and operating systems to issue digital certificates to domain owners which are then used to encrypt online communications.

    In September, Google discovered that Symantec had issued a pre-certificate for without its knowledge. Even more surprising was that this certificate was an Extended Validation (EV) one, and therefore was supposed to require extensive verification of the requesting entity’s identity and ownership of the domain.

    Google discovered the incident because, as part of its Chrome browser policies, it requires all CAs to disclose the EV certificates they issue in a public audit log as part of a new protocol called Certificate Transparency (CT).
    Sefie, Oct 29, 2015