Web lists-archives.com

Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs

REF: https://arstechnica.com/security/2017/03/google-takes-symantec-to-the-woodshed-for-mis-issuing-30000-https-certs/

[excerpt quote=\"
Update 3/24/2017 08:22 PDT: In a blog post published Friday morning, Symantec officials once again criticized the Google post. The officials also disputed the 30,000 certificate figure.

"Google's statements about our issuance practices and the scope of our past mis-issuances are exaggerated and misleading," they wrote. "For example, Google’s claim that we have mis-issued 30,000 SSL/TLS certificates is not true. In the event Google is referring to, 127 certificates—not 30,000—were identified as mis-issued, and they resulted in no consumer harm. We have taken extensive remediation measures to correct this situation, immediately terminated the involved partner’s appointment as a registration authority (RA), and in a move to strengthen the trust of Symantec-issued SSL/TLS certificates, announced the discontinuation of our RA program."

In an e-mail, Google officials wrote: "We appreciate Symantec's response. This remains an ongoing discussion, and we look forward to continuing our conversations with Symantec about this issue. We want to enable an open and transparent assessment of the compatibility and interoperability risks, relative to potential security threats to our users."
\" /]

Google jumping the gun?

30,000 vs. 127 - Hey, merely a couple of orders of magnitude (and then some), whats all the quibbling of differing numbers.

Rare Mozilla Stuff: http://tinyurl.com/z86x3sg
general mailing list