MENU
  • Enom.com
  • Resellers

Enom Blog

Symantec and Google avert SSL meltdown

June 7, 2017

Announcement, Featured, News, SSL

 Like

Views: 6036

Google shook up the SSL industry back in March of this year when they released a proposal addressing “a series of failures by Symantec Corporation to properly validate certificates.” The outlined restrictions would effectively withdraw the Chrome browser’s trust in all certificates issued by Symantec. They notably included the removal of the green browser address bar, the primary visual indicator of Symantec-issued Extended Validation (EV) certificates.

Though aimed at developers, the announcement sent waves of concern and uncertainty through the entire SSL industry and beyond. Symantec’s initial response defended their validation processes. However, details surrounding the alleged mis-issuance of thousands of certificates had already been released. It appeared that in the end, certificate holders were likely to suffer from the results of this power struggle.

Since then, what was initially an explosive public debate has turned into a nuanced and constructive conversation, wherein both major players have taken on a more diplomatic stance. Both parties now seem committed to finding a way forward that will minimize the impact on Symantec customers and their end-users.

Two months following the release of the initial proposal, Google and Symantec, with input from the rest of the Internet community, seem to have arrived at a common solution. On May 19, 2017, Google proposed an updated plan that would require Symantec to implement some significant changes to the way they operate their Certificate Authority (CA). In return, Google would continue to support Symantec certificates in their Chrome browser.

Symantec responded to the new proposal last week, and while a few details still need to be ironed out, there appears to be general agreement on how to move forward. The good news is that most of the heavy lifting will fall to Symantec and, to some extent, the browser developers, instead of the certificate holders.

Here’s what we can expect to see if this updated proposal is enacted:

  • Symantec would essentially rebuild its internal infrastructure from scratch over the next two years to create a new platform for certificate validation and issuance.
  • Until their modernized internal platform is ready, and its associated root keys are accepted across all major browsers, Symantec would work with 3rd-party CAs to perform the validation process. It’s important to note that the root keys tied to the previous platform would remain in place, allowing browsers to easily determine whether a certificate was issued from the old or new platform.
  • Partnering with trusted sub-CAs would allow Symantec to continue to issue Extended Validation (EV) certificates, and enable Chrome and other browsers to maintain trust for EV certificates and continue to display the green address bar.
  • Newly-issued certificates would be valid for longer than the 9-month period originally suggested by Google, though the exact length of the validation period is still being discussed.
  • Existing certificates, issued prior to June 1, 2016, might be gradually phased out and may eventually require revalidation. It is unclear at this time however, if this requirement is feasible, given the vast number of certificates that would need to go through the revalidation process.

There’s still plenty of discussion about the details, but the nature of the conversation suggests that a solution, one which averts a major SSL meltdown, will be reached sooner rather than later. We’ll keep you updated as the fine points are finalized. The good news is that at present, there’s reason to remain confident in your existing SSL Lineup and selling practices.

Share on FacebookShare on TwitterShare on Linkedin

June 7, 2017

Google, Online Security, SSL, Symantec

 Like

Views: 6036

Previous post:
Enom 3 months after the Tucows acquisition
Next Post:
We’re improving Customer Support. Because you deserve better.

Comments are closed.

FEATURED POSTS

  • How to Win by Treating Your Customers as Members

    August 13, 2020

  • A Great Domain for Freelancers and Entrepreneurs? Try .ME

    June 22, 2020

  • Bandzoogle: website builder for musicians

    June 1, 2020

  • security lock and credit cards on keyboard

    Avoiding COVID-19 Cyberattacks with Security Best-Practices

    April 28, 2020

CATEGORIES

  • Advice
  • Announcement
  • Developers
  • DNS
  • Featured
  • Fun
  • GDPR
  • Industry Insight
  • New TLDs
  • News
  • Premium Domains
  • Promotion
  • Resellers
  • Roadmap
  • SSL
  • Uncategorized
  • WTB

ARCHIVES

  • December 2020
  • November 2020
  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • April 2020
  • March 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • September 2018
  • August 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • January 2016
  • December 2015
  • November 2013
Support

Report Abuse
Help Center
Contact Us

Resources

WHOIS Lookup
Maintenance Alerts
Developers
Products & Services

Domain Name Search
Premium Domains
Web Hosting
SSL Certificates
Website Builder
Basic Email
Bulk Tools

© 2021 Enom Blog |