Google is accusing Symantec and other partners for misusing thousands of certificates on encrypted connections on the web. Google is downgrading the length and level of trust Chrome is going to place in the certificates provided by Symantec.
HTTPS, the encrypted web connections, like those on new sites, login pages, and banking sites, have the enabling of Certificate Authorities, who verify owners and issues them with authenticating certificate. This authority is just like aa agency for passports, and these certificates are like passports. Without their authentication, users cannot trust the HTTPS connection end.
Symantec is enormous in the world of Cas. Its certificates vouch for almost thirty percent of all certificates in the market. However, Google claims Symantec is not taking its role seriously as it has given over thirty thousand certificates without proper identification of websites. This allegation is serious and undermines the users’ trust in encrypted webs, and Google reiterates that it will embark on a process of distrusting certificates Symantec is offering in the Chrome browser. Symantec, on the other hand, has responded to these claims saying that they are exaggerated, irresponsible and misleading.
Since January, the team of Google Chrome has been investigating the failures Symantec has been doing by improper validation of certificates. An explanation from Symantec has revealed continued issuance of over thirty thousand certificates. This couples with various failures that follow previously issued certificates and this behavior have caused lack of confidence in the policies of certificate issuance from Symantec.
Chrome will reduce the time length the browser is going to trust certificates from Symantec for remedying this situation. Therefore, sites will have to replace older certificates with new and trusted ones.
Sleeve continues to say that Symantec has failed to meet basic requirements for certificate authority and is exposing Chrome users to a significant risk. The issue with Chrome started in 2015 when Google made a discovery that Symantec had only issued certificate for Opera and Google browsers only.
Symantec said that the issued certificates were just part of routine testing. Symantec says that Google is exaggerating the number of wrongfully issued certificates thus creating a problem.
Symantec claims that the statements of Google about the practices of issuance and the scope of previous issuances are misleading and exaggerated. The information from Google has resulted in a consumer harm, and Leevi says Symantec had previously partnered with CrossCert from Korea which did not follow proper procedures for verifying issuance of 30,000 certificates leading to the current mess.
Leevi continues to say that Symantec has taken the responsibility of acknowledging awareness of this mess and that one party failed in disclosing the root programs. These parties issued these certificates without assessing compliance of core standards in the industry. He further states that these certificates have no way of uniquely being distinguished from those validated by Symantec.
As Google and Symantec continue fighting, Symantec says that it is ready to hold discussions with Google for finding a resolution. However, website owners who use Symantec for verification will have to take steps to ensuring that users of Chrome will be able to access sites seamlessly. On the same note, Symantec has canceled relations with four associated firms and Chrome will have no problems with its certificates. Symantec will embark on defending productive and safe internet use by minimizing disruptions caused by Google.