Exec at Symantec spells out what company will do if Google follows through on its proposed plans to degrade trust in Symantec certs.

Dark Reading Staff, Dark Reading

March 27, 2017

1 Min Read

Symantec posted a message to its digital certificate customers on Sunday outlining its plans should Google make good on its threats to take action against its SSL/TLS certificates.

Google last week said due to improperly validated certs issued by Symantec, it was considering several steps to downgrade or reject the certificate authority's certs.

"First and foremost, I want to reassure you that you can continue to trust Symantec SSL/TLS certificates," Roxane Divol, vice president and general manager of Symantec Website Security, wrote in a blog post. "We object to its proposals and intend to engage with Google to work through its concerns."

Symantec noted it had mis-issued 127 certificates, not 30,000 as Google had indicated, and that it would "immediately" terminate the registration authority (RA) involved. Divol also said Symantec plans to discontinue its RA program.

She said if Google moves forward and requires replacement of Symantec certificates, Symantec will reissue customers' certificates at no cost, as a means to keep the certificates within the validity period. Divol said that while Symantec agrees with Google's stated proposal to shorten the validity periods for certificates, the company realizes it could potentially increase the expense for its customers and is working to deliver automation tools to customers to help them manage that process. 

Read Symantec's blog post here.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights