Symantec Rejects Google’s Certificate Plan, Promises To Be Good From Now On

[Lucian Armasu]

Symantec offered alternative improvements it can make to its certificate validation process to avoid Google's plan to distrust all of its existing certificates.

Symantec Rejects Google’s Certificate Plan, Promises To Be Good From Now On : Read more

 

[eathdemon1]

said this over on ars, but I 100% side with google, they broke the web of trust that underpins the whole internet.

 

[Paul Haneline]

Mixed Reality? More like false Reality.

 

[derekullo]

Google rejects your plan to reject Google’s Certificate Plan.

 

[toadhammer]

"We double-extra-special mean it this time that we won't do it again."
Some of this sounds like the same audits that were promised last time. The proposal for recurring audits, etc, might reasonably sway google. On the other hand, some of their earlier audits did not catch all the issues!

 

[shpankey]

just switch antivirus programs. problem over.

 

[NotAnotherUpdate]

The company will also conduct a six-month WebTrust audit for the period from December 1, 2017 to June 30, 2017.

So, Symantec has a time machine available...time to send them a resume...or get them to at least send me my Christmas gifts 7 months early?

 

[kenjitamura]

Google to Symantec: "You are a company that sells security and have been found to be negligent and insecure to an extreme extent and trust has been broken. To rebuild this trust we are going to require you to take the most efficient steps to fix your mistake even though they are drastic. Trust for you to do the right thing cannot exist otherwise."

Symantec to Google:"Alright we hear you but rather than take the most efficient method we're going to take a series of dubious methods that incorporate the same kind of processes that allowed for our gross negligence and ask that you forgive us with just that. Please."

Google:".... I think this conversation is over."

 

[randomizer]

This is the problem with faith-based security.

 

[Virtual_Singularity]

just switch antivirus programs. problem over.

Excellent idea. Hmm, which one then? Otoh, switching browsers may be an idea, also? Was it Kaspersky that 1st had the same issue with google or Symantec (Norton)? Any others awaiting the same action? The irony is made all the more palpable when the notion almighty google, with more than its own share of "trust issues" (censorship being but one of them) expects the consumer to trust that "google knows best", in every instance...

 

[thuckabay]

Symantec has been a fly-by-night company for the past decade-plus. They used to produce quality software and products, but then abandoned several of those while telling their customers to go fly a kite. I am unsurprised that Symantec still has crappy management (only such management could allow this situation with certificates to have developed in the first place), and recommend that Google puts the screws (maximally) to Symantec over this. It's time for Symantec to clean house, starting with all its upper management, as they are a disreputable company and have been for a very long time, sadly. Symantec was once tops, but for me it has been bottoms for twenty-plus years. That's a shame.