Google Has Enough of Symantec's Dodgy SSL Certificates, Bans Them From Chrome, Android

[Batu69]

Symantec didn't really care in September, doesn't care now

Google has made good on its promise and banned root certificates issued by Symantec. The ban applies to Google Chrome, Android, and several other Google products.

The search giant had a bone to pick with Symantec since late September when Google discovered 23 certificates issued in its name by one of Symantec's subsidiaries.

Symantec tried to explain itself by saying the certificates were issued for internal tests and got leaked under unknown circumstances by three employees, who the company eventually fired.

The incident escalated towards the end of October when Google discovered 164 other Symantec certificates issued for 76 other domains, along with a huge batch of 2,458 certificates issued for yet unregistered domains. Google published a statement on its blog, the equivalent of a last warning.

It appears that now Google has decided to act on Symantec's arrogance/indifference and has outright banned the Class 3 Public Primary CA root certificate operated by Symantec.

Google bans Symantec root certificate after the company strays off official standards

"Symantec has decided that this root will no longer comply with the CA/Browser Forum's Baseline Requirements," said Ryan Sleevi, Google Software Engineer, today on the company's Security blog. "As these requirements reflect industry best practice and are the foundation for publicly trusted certificates, the failure to comply with these represents an unacceptable risk to users of Google products."

Symantec did not provide any public statement on its site regarding Google's latest decision.

Mr. Sleevi said Symantec has privately told Google that the particular root certificate the company was banning was not scheduled to be used to issue any new certificates for publicly-trusted connections.

Symantec also told Google that they don't "believe" any of their clients that use Symantec-issued certificates will be affected by this ban.

This ban is the result of an audit Google did of Symantec's certificates after the previous two incidents. This is not the first time Google has banned root certificates from a CA (Certificate Authority), the company applying the same punishment for Dutch-based CA Diginotar back in 2011, and the CNNIC CA in March 2015.

News source

[davmil]

Like McAfee before it, Symantec has totally lost it's way.  The sooner they  close their doors, the better.