Take Google’s advice and get out of CA infrastructure’Mozilla has weighed in to the ongoing Symantec-Google certificate spat, telling Symantec it should follow the Alphabet subsidiary’s advice on how to restore trust in its certificates. Readers will recall that Symantec has repeatedly issued certs that didn’t ring true with browser-makers and at the end of April 2017 Google started a countdown, the conclusion of which would see its Chrome browser warn users if it encountered Symantec certs. Symantec offered up a remediation plan, mostly based on putting auditors through the joint. But it looks like that’s not sufficient for Mozilla. UK-based Mozilla developer Gervase Markham has posted his note to Symantec at Google Docs here. Mozilla strongly suggests that Symantec take a deep breath and swallow the bitter pills doctor that Google has prescribed here. Chief among Google’s suggestions is that Symantec work with one or more existing certificate authorities (CAs) to take over its troubled infrastructure and rework its validation processes. That would relegate the company to more-or-less reseller status, letting it maintain its customer relationships but relieving it of responsibility for ongoing operations. The alternative, Markham writes, is for Symantec to:
Why so harsh? The core of Mozilla’s argument is that it just doesn’t feel Symantec grasps how serious its issues are. As Markham writes, Symantec cannot establish that it “adequately demonstrates that they have grasped the seriousness of the issues here, and that their proposed measures mostly amount to doing more of what, in the past, has not succeeded in producing consistent high standards.†The reason, Markham writes, isn’t wrongdoing (so “we are not in StartCom/WoSign territoryâ€), it’s simply that Symantec seems to have lost control of its intermediaries. ® Sponsored: The post Mozilla Takes A Turn Slapping Symantec's Certification SNAFU appeared first on Gigacycle Computer Recycling News. from https://news.gigacycle.co.uk/mozilla-takes-a-turn-slapping-symantecs-certification-snafu/
0 Comments
Leave a Reply. |
ABOUT USFree, secure collections for I.T recycling and CESG approved data erasure for individuals, businesses and large-scale projects. I.T Asset Disposal | Computer Recycling | Re-marketing & Cashback | Secure Data Erasure. Archives
May 2017
Categories |