Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs
- Date: Fri, 24 Mar 2017 09:35:13 -0700
- From: Sailfish <NIXCAPSsailfish@xxxxxxxxxxxxxxxxxxxxxxxx>
- Subject: Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs
[excerpt quote=\"Update 3/24/2017 08:22 PDT: In a blog post published Friday morning, Symantec officials once again criticized the Google post. The officials also disputed the 30,000 certificate figure.
"Google's statements about our issuance practices and the scope of our past mis-issuances are exaggerated and misleading," they wrote. "For example, Google’s claim that we have mis-issued 30,000 SSL/TLS certificates is not true. In the event Google is referring to, 127 certificates—not 30,000—were identified as mis-issued, and they resulted in no consumer harm. We have taken extensive remediation measures to correct this situation, immediately terminated the involved partner’s appointment as a registration authority (RA), and in a move to strengthen the trust of Symantec-issued SSL/TLS certificates, announced the discontinuation of our RA program."
In an e-mail, Google officials wrote: "We appreciate Symantec's response. This remains an ongoing discussion, and we look forward to continuing our conversations with Symantec about this issue. We want to enable an open and transparent assessment of the compatibility and interoperability risks, relative to potential security threats to our users."
\" /] Google jumping the gun?30,000 vs. 127 - Hey, merely a couple of orders of magnitude (and then some), whats all the quibbling of differing numbers.
-- Sailfish Rare Mozilla Stuff: http://tinyurl.com/z86x3sg _______________________________________________ general mailing list general@xxxxxxxxxxxxxxxxx https://lists.mozilla.org/listinfo/general
- Prev by Date: hot cub the france
- Next by Date: Re: Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs
- Previous by thread: hot cub the france
- Next by thread: Re: Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs