Certification: Google goes against Symantec before

Google wants to escape by trust increasingly Symantec TLS certificates issued and announced concrete steps to do so. So constantly aims to reduce the amount of time, in the Google’s Web browser chrome such certificates still trust gives.

(Bild: Shutterstock/Cousin_Avi)

while them admits chrome 59 still valid for 33 months, the period with each version to reduce further. The chrome 64 finally scheduled for the 30th January 2018 should no longer trust Symantec’s certificates for secure encrypted Internet connections after only nine months. In addition, it is planned to withdraw the status of extended validation to Symantec for at least a year and to implement the revision of all currently valid certificates.

the chrome developers throw Symantec of more serious a series failed the granting of safety certificates, the users among other things the use one over TLS / SSL encrypted HTTP connection, as well as the digital identity of a website confirm. Recently, Symantec had to block again incorrect certificates after an independent security researchers had uncovered the abuse of allowances. According to Google, an investigation revealed that Symantec’s procurement practices and lack of supervision of subordinate certification authorities significantly compromised users.

Google’s planned approach called “irresponsible”

Symantec. While Google developers would have been with Ryan always who announced the planned steps in a mailing list for developers, after years of problems Symantec’s procurement practice apparently immediately comprehensive and decisive measures required. To be considered, but also potential problems with interoperability and compatibility were because Symantec provides more than 30 percent of all certificates. The compatibility risk is particularly high for certificates issued by Symantec as the security company had taken over some of the first certificate authorities (CAs), such as Thawte, VeriSign and Equifax, which are among the most broadly supported certification authorities.

already 2015 downgraded Google for chrome and Android a root certificate from Symantec not trusted a because it contained an RSA key with a length of 1024 bits, which was seen no longer as safe and no longer comply of CA / Browser Forum was. The security company unauthorized issuing certificates for google.com and www.google.com also had to concede. According to Symantec, these were used only for internal testing purposes. Fall into unauthorized hands, would have to used however for monitoring and data theft. Google demanded a thorough reconnaissance of the falls and threatened in October 2015 already failing to warn against sites with Symantec certificate in chrome.

[withmaterialbyChrisDuckett ZDNet.com ]


open Telecom cloud: resources on demand

from Capex to Opex: turn companies just reinforced rigid investment costs in dynamic editions, which adapt to the business – IT capacity from the cloud, rather than from their own servers and be so flexible. Popularity: Infrastructure-as-a-service (IaaS) from the open Telecom cloud.

Be the first to comment

Leave a Reply