Symantec
Is Symantec trying to challenge Slurp for the most despicable software house in the world?
Symantec has confirmed that it's revoked another bunch of wrongly-issued certificates. Andrew Ayer of certificate vendor and wrangler SSLMate went public with his discovery last week. The mis-issued certs were issued for example.com, and a bunch of variations of test.com (test1.com, test2.com and so on). On Saturday, Symantec …
Not having them can be more expensive. Think lost business because not trustworthy.
It's about building a chain of trust and showing that you are among those who make the effort. Of course, the fact that there are self-signed certificates kinda defeats the point, but then again, it can be argued that self-signed are just as valid as CA-signed, especially when CAs goof up and do stupid things. Errare humanum est and all that. For Joe User it must be impossibly confusing.
The fact remains that we are in dire need of knowing who to trust and who to be cautious about in the Wild Wild Intertubes. This certificate thing could help in the long run.
This is meant as an explanation, not validation...
For certificate providers, it depends what you're doing - the cost of the certificates is often tied to the warranty/insurance offered with the certificate in the event that an end user loses money in the event of a certificate compromise.
Given the conditions required to get paid out, it's unlikely that a payout would occur, but I guess with Symantecs shenanigans payouts do occur.
My experience has been if the customer wants the insurance, the account managers/sales people I have worked with have always been happy to use them and charge their own percentage on top of that...
Year and years ago. In a land far away... Symantec wasn't able to grow their business organically, so Managements tacked on acquisitions to demonstrate to Wall Street they were doing something.
Managements came and went, and the knowledge of what all these "things" did was lost, so they added new "things" and the cycle repeated.
..... I forgot where I was going with this...perhaps Symantec has my backup.