Security & Fraud

Google, Symantec Battling Over Internet Encryption

Google is picking up its fight with Symantec, saying last week that it is reducing the level and length of trust Chrome will give Symantec-issued certificates.

According to a report in TechCrunch, Google contends Symantec hasn’t been taking its role seriously and has released 30,000 or more certificates in which the security software company didn’t verify the websites received the certificates. The report noted the allegation against Symantec is serious and undermines the trust users place in the encrypted web.

Google also said it’s in the process of distrusting Symantec certificates in Google’s Chrome browser. Symantec called Google’s allegations “irresponsible” and “exaggerated and misleading,” noted the report.

“Since Jan. 19, the Google Chrome team has been investigating a series of failures by Symantec Corporation to properly validate certificates. Over the course of this investigation, the explanations provided by Symantec have revealed a continually increasing scope of misissuance with each set of questions from members of the Google Chrome team; an initial set of reportedly 127 certificates has expanded to include at least 30,000 certificates, issued over a period spanning several years,” Google Software Engineer Ryan Sleevi wrote in a forum post outlining the case against Symantec.

“This is also coupled with a series of failures following the previous set of misissued certificates from Symantec, causing us to no longer have confidence in the certificate issuance policies and practices of Symantec over the past several years,” he wrote.

To fix the situation, the Google executive said Chrome will scale back the length of time its Chrome browser trusts certificates issued by Symantec, and over time websites will have to replace their old Symantec certificates with newer ones that are more trustworthy, noted the report. Sleevi noted Symantec hasn’t met the minimum requirements for issuing certificates and puts Chrome users at risk.


Latest Insights: 

Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation that’s reshaping the payments and commerce ecosystem. The July 2019 Pay Advances: The Gig Economy’s New Normal, a PYMNTS and Mastercard collaboration, examines pay advances – full or partial payments received before an ad hoc job is completed – including how gig workers currently use them and their potential for future adoption.

Click to comment


To Top