I got this from a friend earlier today: https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/eUAKwjihhBs/rpxMXjZHCQAJ (Google Chrome – Intent to deprecate and remove trust in existing Symantec-issued Certificates)

It seems that, since a series of failures from Symantec to properly validate certificates (an issue that seems to be affecting over 30000 mis-issued certificates), Google Chrome is starting to deprecate and distrust Symantec-issued certificates.

I remember last year that a bunch of online services lost compatibility with Chrome as they were using Symantec-issued certificates). As highlighted in the notice from the link above, this is a problem that is not new (see this post on Google’s Security Blog from 2015).

Quoting the notice from Google, Chrome is proposing the following steps:

  • A reduction in the accepted validity period of newly issued Symantec-issued certificates to nine months or less, in order to minimize any impact to Google Chrome users from any further misissuances that may arise.

  • An incremental distrust, spanning a series of Google Chrome releases, of all currently-trusted Symantec-issued certificates, requiring they be revalidated and replaced.

  • Removal of recognition of the Extended Validation status of Symantec issued certificates, until such a time as the community can be assured in the policies and practices of Symantec, but no sooner than one year.

This is a pretty big deal and could result in a big mess of services stopping to work with Chrome… for a good reason, though, as this is clearly to ensure the security and trust in the certificates used to anchor the Internet’s security infrastructure.

If you are a SysAdmin, they are requesting feedback on this proposal.

Folks are starting to talk about this on reddit and other forums. I expect this to be in the news tomorrow… or not. After all, they are not fully distrusting Symantec, but putting them in some sort of “probation period”.

 

Update (03/24/17): As expected, if you google today “Chrome Symantec certificates” you get a ton of news stories on this…

Advertisements