Re: Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs
On 3/25/17 3:49 AM, Ed Mullen wrote:
On 3/24/2017 at 12:35 PM, Sailfish's prodigious digits fired off with great
Update 3/24/2017 08:22 PDT: In a blog post published Friday morning, Symantec
officials once again criticized the Google post. The officials also disputed
the 30,000 certificate figure.
"Google's statements about our issuance practices and the scope of our past
mis-issuances are exaggerated and misleading," they wrote. "For example,
Google’s claim that we have mis-issued 30,000 SSL/TLS certificates is not
true. In the event Google is referring to, 127 certificates—not 30,000—were
identified as mis-issued, and they resulted in no consumer harm. We have
taken extensive remediation measures to correct this situation, immediately
terminated the involved partner’s appointment as a registration authority
(RA), and in a move to strengthen the trust of Symantec-issued SSL/TLS
certificates, announced the discontinuation of our RA program."
In an e-mail, Google officials wrote: "We appreciate Symantec's response.
This remains an ongoing discussion, and we look forward to continuing our
conversations with Symantec about this issue. We want to enable an open and
transparent assessment of the compatibility and interoperability risks,
relative to potential security threats to our users."
Google jumping the gun?
30,000 vs. 127 - Hey, merely a couple of orders of magnitude (and then some),
what's all the quibbling of differing numbers.
Looks like a "He said, she said."
And more smoke than fire.
Yeah, now I got it? It is a s/he question ;-)
User agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49a2
Build identifier: 20161122013001
I never met a man I didn't want to fight.
-- Lyle Alzado, professional football lineman