Symantec Seeks to Quell CA Customer Concerns over Google Warning
Exec at Symantec spells out what company will do if Google follows through on its proposed plans to degrade trust in Symantec certs.
Symantec posted a message to its digital certificate customers on Sunday outlining its plans should Google make good on its threats to take action against its SSL/TLS certificates.
Google last week said due to improperly validated certs issued by Symantec, it was considering several steps to downgrade or reject the certificate authority's certs.
"First and foremost, I want to reassure you that you can continue to trust Symantec SSL/TLS certificates," Roxane Divol, vice president and general manager of Symantec Website Security, wrote in a blog post. "We object to its proposals and intend to engage with Google to work through its concerns."
Symantec noted it had mis-issued 127 certificates, not 30,000 as Google had indicated, and that it would "immediately" terminate the registration authority (RA) involved. Divol also said Symantec plans to discontinue its RA program.
She said if Google moves forward and requires replacement of Symantec certificates, Symantec will reissue customers' certificates at no cost, as a means to keep the certificates within the validity period. Divol said that while Symantec agrees with Google's stated proposal to shorten the validity periods for certificates, the company realizes it could potentially increase the expense for its customers and is working to deliver automation tools to customers to help them manage that process.
Read Symantec's blog post here.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024