Google will invalidate more than 30,000 SSL certificates issued by Symantec
After an investigation to detect a number of security holes in the certificate validation process issued by Symantec, the Google Chrome team determined that Symantec's certificate issuing policies and practices in recent years have not been rigorous and could threatening the integrity of the TLS system. According to the research, Symantec would have issued more than 30,000 Extended Validation certificates considered unreliable, which will not be recognized by Google until the company corrects the errors.
Since Symantec have branded Google's position as irresponsible and exaggerated, and that only 127 certificates had been affected.
References:
- 23/03/2017 groups.google.com Intent to Deprecate and Remove: Trust in existing Symantec-issued Certificates
- 24/03/2017 arstechnica.com Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs
- 24/03/2017 symantec.com Symantec Backs Its CA
- 24/03/2017 redeszone.net Google revocará más de 30.000 certificados emitidos por Symantec
- 24/03/2017 computerworld.es Google se enfrenta a Symantec por la invalidez de 30.000 certificados SSL