Symantec Seeks to Quell CA Customer Concerns over Google Warning

Exec at Symantec spells out what company will do if Google follows through on its proposed plans to degrade trust in Symantec certs.



Symantec posted a message to its digital certificate customers on Sunday outlining its plans should Google make good on its threats to take action against its SSL/TLS certificates.

Google last week said due to improperly validated certs issued by Symantec, it was considering several steps to downgrade or reject the certificate authority's certs.

"First and foremost, I want to reassure you that you can continue to trust Symantec SSL/TLS certificates," Roxane Divol, vice president and general manager of Symantec Website Security, wrote in a blog post. "We object to its proposals and intend to engage with Google to work through its concerns."

Symantec noted it had mis-issued 127 certificates, not 30,000 as Google had indicated, and that it would "immediately" terminate the registration authority (RA) involved. Divol also said Symantec plans to discontinue its RA program.

She said if Google moves forward and requires replacement of Symantec certificates, Symantec will reissue customers' certificates at no cost, as a means to keep the certificates within the validity period. Divol said that while Symantec agrees with Google's stated proposal to shorten the validity periods for certificates, the company realizes it could potentially increase the expense for its customers and is working to deliver automation tools to customers to help them manage that process. 

Read Symantec's blog post here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2019 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service