Web lists-archives.com

Re: Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs

On 3/24/2017 at 12:35 PM, Sailfish's prodigious digits fired off with great aplomb:
REF: https://arstechnica.com/security/2017/03/google-takes-symantec-to-the-woodshed-for-mis-issuing-30000-https-certs/

[excerpt quote=\"
Update 3/24/2017 08:22 PDT: In a blog post published Friday morning, Symantec officials once again criticized the Google post. The officials also disputed the 30,000 certificate figure.

"Google's statements about our issuance practices and the scope of our past mis-issuances are exaggerated and misleading," they wrote. "For example, Google’s claim that we have mis-issued 30,000 SSL/TLS certificates is not true. In the event Google is referring to, 127 certificates—not 30,000—were identified as mis-issued, and they resulted in no consumer harm. We have taken extensive remediation measures to correct this situation, immediately terminated the involved partner’s appointment as a registration authority (RA), and in a move to strengthen the trust of Symantec-issued SSL/TLS certificates, announced the discontinuation of our RA program."

In an e-mail, Google officials wrote: "We appreciate Symantec's response. This remains an ongoing discussion, and we look forward to continuing our conversations with Symantec about this issue. We want to enable an open and transparent assessment of the compatibility and interoperability risks, relative to potential security threats to our users."
\" /]

Google jumping the gun?

30,000 vs. 127 - Hey, merely a couple of orders of magnitude (and then some), whats all the quibbling of differing numbers.

Looks like a "He said, she said."

And more smoke than fire.

Ed Mullen
What's another word for thesaurus?
general mailing list