Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Mozilla offers its opinion on the Symantec-Google certificate issue

Sponsered ads:
Read the latest IT news. Visit ItDirection.net. Updated several times daily.

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

May 3, 2017

We learned today that Mozilla has offered its opinion in the ongoing Symantec-Google certificate debate, telling Symantec it should follow Google's advice on how to restore trust in its SSL certificates.

You might recall that Symantec has repeatedly issued SSL certificates that didn't ring true with browser makers and at the end of April, Google started a countdown, the conclusion of which would see its Chrome browser warn users if it encountered Symantec's almost bogus certificates.

Symantec offered up a remediation plan, mostly based on putting auditors through the process... But it looks like that's not enough for Mozilla. To say that the situation is escalating would be an understatement.

For example, Mozilla developer Gervase Markham has posted a note to Symantec at Google Docs. Mozilla strongly suggests that Symantec take a deep breath and swallow the bitter pills that Google has prescribed.

Chief among Google's suggestions is that Symantec work with one or more existing certificate authorities (CAs) to take over its weakened infrastructure and rework its key validation processes.

That would relegate Symantec to more-or-less the classic reseller status, letting it maintain its customer relationships but relieving it of its most basic responsibility for ongoing internet security operations.

The alternative, Markham writes, is for Symantec to:

  • Symantec needs to document its PKI and delete the parts that don't comply with the CA/Browser FBR;
  • Symantec should restrict newly-issued Symantec certificates to a maximum validity period of 13 months;
  • Symantec should reduce the lifetime of existing Symantec certificates to a maximum of 13 months.
  • The underlying message of Mozilla's opinion is that it just doesn't feel Symantec realizes just how serious its issues are. As Markham asserts, Symantec cannot establish that it adequately demonstrates that they have fully understood the seriousness of the security issues presented, and that their proposed measures mostly amount to doing no more of what has not succeeded in producing consistent high standards in the recent past.

    The reason isn't wrongdoing. It's simply that Symantec seems to have lost control of its intermediaries, suggested Markham.

    Source: The Mozilla Foundation.

    Sponsered ads:
    Read the latest IT news. Visit ItDirection.net. Updated several times daily.

    If you need reliability when it comes to SMTP servers, get the best, get Port 587.

    Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

    Share on Twitter.


    Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
    Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer