Reply to post:

Google slaps Symantec for sloppy certs, slow show of SNAFUs


Here's the paragraph that will cost Symantec a lot of money:

"Given the nature of these issues, and the multiple failures of Symantec to ensure that the level of assurance provided by their certificates meets the requirements of the Baseline Requirements or Extended Validation Guidelines, we no longer have the confidence necessary in order to grant Symantec-issued certificates the “Extended Validation” status. As documented with both the current and past misissuance, Symantec failed to ensure that the organizational attributes, displayed within the address bar for such certificates, meet the level of quality and validation required for such display. Therefore, we propose to remove such indicators, effective immediately, until Symantec is able to demonstrate the level of sustained compliance necessary to grant such trust, which will be a period no less than a year. After such time has passed, we will consider requests from Symantec to re-evaluate this position, in collaboration with the broader Chromium community."

Did you catch the "effective immediately" part?

The bank I work for has been reticent to leave Symantec because of old people afraid of change. Not any more. We're moving to replace every Symantec certificate we use because we rely on EV certs as part of our customer anti-phishing education campaign. And we just saved tens of thousands of dollars a year as well.
