I haven't trusted Symantec since 2007
I'm happy to see that others have finally caught on...
Google has detailed its plan to deprecate Symantec-issued certificates in Chrome. The decision to end-of-life its trust for Symantec certificates was the outcome of a long tussle over dodgy certificates, which came to a head when certs for example.com and various permutations of test.com escaped into the wild. The absolute …
Oh, so you were just being funny. Meh, the wide eyed innocent interpretation ended up being more useful for those lazy sods like me who vaguely recollected the name but couldn't be bothered to search.
I haven't been anywhere near them or their predecessors since viruses came on floppies.But why does it have to be "Big Google" that is judge, jury and executioner? Because there is no-one else? Hmm.
"If you think something's expired when it has a year to go then yeah....."
Assuming that cert lifespan is always three years and purchase/renewal rate is reasonably constant, by the law of averages around 66% of certs currently in use will have expired by the time this comes into effect - that's a more solid "most" than the Brexit result...
I dislike Symantec business practices more than I do Adobe and Microsoft. They all buy out other companies and often ruin a good product when they get hold of it but Symantec ruin EVER product they get their hands on. So i hope this blocking of their certs by Chrome really hit them in their bank balance.
This post has been deleted by its author
I am smoking the Symantec pipe, and although it tastes bad, I have got used to it.
If you have tried AV on an SSD equipped PC or laptop, the performance isn't too bad. Compared to other AV products, we slow down performance by about the same amount and generally hit the industry averages for bricking your PC via updates.
When we buy new businesses, we are quick to splash out the brown paint so that our levels of quality are quickly met...
not sure I like the power and muscle google is flexing here. I do not see how it is their job to stop a browser from working with certificates from a particular provider. I would not be at all surprised to see google start issuing its own certificates, and a little down the road have chrome only accept google certificates. I am already totally irritated by how they get to decide what they are going to let me view. Not their choice to make IMO. None of this going in a good direction. Too much control.
not sure I like the power and muscle google is flexing here. I do not see how it is their job to stop a browser from working with certificates from a particular provider.
1) It is exactly their job to asses as to whether their software will trust a CA. This is how the certificate system works. It is a chain of trust. The software receiving the certificate has to somehow trust the cert (usually via a chain of trust to the signer). To 'trust' a CA, the software has to include (i.e. a pro-active step from the developer of the software) the trust chain in the software (or it can trust the operating systems truststore). Therefore a CA like Symantec, Digicert, etc. has to ask the developer (Firefox, Chrome, or the OS like windows which has an OS-wide truststore) to include them in that chain of trust, so they can put the cert in the software-supplied truststore (one of the things updates to browser/OS software does is add/remove certs from their truststores). If the developer of the software no longer trusts a CA, then they are perfectly within their rights - in fact this is how it is supposed to work - to have their software to stop accepting certs signed by that CA.
2) I'm not 100% sure on this, but you could probably manually trust the Symantec CA by installing the certs yourself in the appropriate truststore. Most of these systems have exceptions/documented/standard ways of enforcing a user-preference on the certs, manually updating the trust-stores and revocation lists. What we are talking here is the out-of-box, un-user-configured/personalized experience of Chrome.
3) Chrome is Google's browser, so they can do with it as they will. Chrome isn't by any means a monopoly. The browser market is a crowded place. This is not a situation where there aren't viable alternatives. Don't like it, there are PLENTY of other browsers out there, Firefox, IE, Edge, Safari, Vivaldi, and more. Many of those others are forks of the main browsers engines, but since they are forks they can decide whether or not to include certain features.
Biting the hand that feeds IT © 1998–2020