Symantec confront Google claims, assuring users all is well with their security certificates

What’s the problem?

Google have made claims that Symantec is doing a poor job at issuing and validating security certificates. Symantec have retorted, assuring that these claims are ‘exaggerated’ and all is well.

Google’s statement:

“On the basis of the details publicly provided by Symantec, we do not believe that they have properly upheld these baseline requirement principles”

Google have argued that Symantec have fallen short with their checks. The allegation cites over 30,000 suspect certificates issued over the last few years, but is this correct?

Symantec have clarified that this number is in fact a much smaller 127 that will be dealt with immediately.

What does it all mean?


Security certificates are used to confirm website security. These certificates ensure that the information being shared is encrypted. Once in place, the browser is signaled to add an encryption layer that protects traffic.

Even if only one side of communication is authenticated, users can still stay secure on an insecure network.

Certificates are used with SSL (Secure Sockets Layer) or TLS (Transport Layer Security) to establish a private connection between a server and a browser.

Extended validation certificates are the highest class of SSL certificate available and require verification from a certificate authority (such as Symantec). These enable the organisation behind the website to present its own verified identity.

You can spot these in the URL:

  • Security certificate: It will begin with ‘https://’ rather than ‘http://’ to prove it is validated (by Symantec or another certificate authority).
  • Extended validation certificate: There will be a small image of a padlock and green background to the web address.

What effect could it have?

Doubts about Symantec have lowered the level of trust that Google has in them. Google have considered plans to change the Chrome browser to stop recognising some Symantec certificates unless Symantec comply with Google’s requests:

  • To re-validate and re-issue millions of certificates
  • For the validation period of these certificates to be lowered to 9 months.

If not, users would get warnings that sites are insecure or would be blocked from visiting them. This is significant given that Symantec secure 40% of all internet traffic.

This would affect users’ ability to shop or bank online safely. Individuals would therefore become more skeptical when considering donating or offering their details online.
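For a site owner, the practical question raised by the proposal above is which certificates were issued by Symantec and which run longer than 9 months. The following is an added example, not code from Google or Symantec: it checks certificates in the dict format returned by Python's ssl.SSLSocket.getpeercert(). The sample certificates are constructed, and the issuer keyword list and the 274-day reading of "9 months" are assumptions.

```python
import ssl

# Assumptions of this example (not from the article): issuers are matched by
# substring on the organisation name, and "9 months" is taken as 274 days.
# Extend ISSUER_KEYWORDS with any other issuer names your inventory shows.
ISSUER_KEYWORDS = ("symantec",)
MAX_VALIDITY_DAYS = 274

def issuer_org(cert):
    """Return the issuer organizationName from a getpeercert() dict."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return ""

def validity_days(cert):
    """Certificate lifetime in whole days (notBefore to notAfter)."""
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    return (end - start) // 86400

def audit(cert, keywords=ISSUER_KEYWORDS, max_days=MAX_VALIDITY_DAYS):
    """Flag a certificate against the two points of the proposal."""
    org = issuer_org(cert)
    days = validity_days(cert)
    return {
        "issuer": org,
        "validity_days": days,
        "symantec_issued": any(k in org.lower() for k in keywords),
        "exceeds_proposed_validity": days > max_days,
    }

# Constructed sample data, shaped like SSLSocket.getpeercert() output.
SAMPLE_CERTS = {
    "shop.example": {
        "issuer": ((("countryName", "US"),),
                   (("organizationName", "Symantec Corporation"),)),
        "notBefore": "Jan  1 00:00:00 2016 GMT",
        "notAfter": "Jan  1 00:00:00 2018 GMT",
    },
    "blog.example": {
        "issuer": ((("organizationName", "Example Other CA"),),),
        "notBefore": "Mar  1 00:00:00 2017 GMT",
        "notAfter": "May 30 00:00:00 2017 GMT",
    },
}

if __name__ == "__main__":
    for host, cert in SAMPLE_CERTS.items():
        print(host, audit(cert))
```

To audit a live site, pass audit() the dict returned by getpeercert() on a socket wrapped with ssl.create_default_context().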

What happens next?

Symantec have disagreed with the claims made about them, labeling them ‘exaggerated’, and believe ‘Google has singled out the Symantec Certificate Authority in its proposal’.

Fortunately, Symantec are considering Google’s proposal for a re-issuing of the actual ‘suspect licenses’ if Google do in fact decide to block certain content. In either case, they have stated:

“In the event Google implements its proposal, Symantec will ensure your websites, web-servers or web applications continue to work across browsers… This may require Symantec to reissue your certificates, which we would do..at no charge.”

Symantec have dealt with the situation effectively. Users can therefore rest assured that no trouble should fall on them if things are done right.

Your organisation will therefore not suffer cost or inconvenience if you are a Symantec user. The 127 certificates will be immediately corrected behind the scenes so you can continue as normal.


Copyright © 2017 Tech Trust.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License