Last Thursday, a Google developer announced that Chrome will be reducing its levels of trust in Symantec issued SSL certificates, as well as those issued by its subsidiaries. This comes after a two year skirmish between the two companies, with Google asserting that Symantec has continually failed to follow appropriate verification practices.
Under Google’s proposal, the Extended Validation status from Symantec issued certificates will be removed, the validity period of newly issued Symantec certificates will be gradually reduced to a maximum of nine months, and current Symantec certificates will be incrementally distrusted with each Google Chrome release up to 64. These measures aim to balance out compatibility problems alongside the security risks.
Read the rest of this post »