Google Plans to Reduce Trust in Symantec's TLS Certificates Due to 'Continual Misissuance'

Advertisement
By Tasneem Akolawala | Updated: 27 March 2017 18:21 IST
Highlights
  • Google to reduces trust in Symantec certificates
  • This is due to failure in properly validating certificates
  • Symantec says the claims are 'exaggerated'

Google's Chrome team is unhappy with the loose way in which Symantec issues transport layer security (TLS) certificates, and is considering incremental distrust Symantec TLS certificates moving forward. This planned step was announced by Google due to "a continually increasing scope of misissuance" from Symantec. It plans to reduce the trust on the biggest issuers of security certificates gradually, as well as revoke recognition of their extended versions for a year.

Ravi Sleevi, a software engineer on the Google Chrome team, wrote on the Blink online forum that the Chrome developers "no longer have confidence in the certificate issuance policies and practices of Symantec over the past several years."

Advertisement

Sleevi has proposed a reduction in the accepted validity period of newly issued Symantec-issued certificates to nine months or less. Furthermore, he also proposes the removal of recognition of the Extended Validation status of all certificates issued by Symantec for at least a year. This will put the company into a lot of pressure, as its customers will then demand a refund. Lastly, Sleevi also proposed "incremental distrust, spanning a series of Google Chrome releases, of all currently-trusted Symantec-issued certificates, requiring they be revalidated and replaced."

Taking into account the last 30,000 certificates issued by Symantec since January 19, Google claims that the security firm hasn't done enough to verify the site, and ensure that the certificates are issued correctly. "Root certificate authorities are expected to perform a number of critical functions commensurate with the trust granted to them. This includes properly ensuring that domain control validation is performed for server certificates, to audit logs frequently for evidence of unauthorized issuance, and to protect their infrastructure in order to minimize the ability for the issuance of fraudulent certs," Sleevi explains in the forum further claiming that Symantec has failed to follow these principles.

Symantec, on the other hand, strongly opposes these accusations and calls them "exaggerated and misleading", as per a BBC report. The company claimed that out of the 30,000, only 127 were identified as wrongly issued, and that it feels that Google has 'singled it out' over the other certificate issuers that are also at fault. "We are open to discussing the matter with Google in an effort to resolve the situation in the shared interests of our joint customers and partners," Symantec told BBC in a statement.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Amazon Prime Day 2026: 55-inch Smart TV Deals from Lumio, Samsung and More
  2. iPhone 18 May Receive RAM Boost to Handle Apple Intelligence Better
  3. Best Gaming Laptops Under Rs. 80,000 in India
  4. Amazon Prime Day Laptop Deals: Best Discounts on HP, Asus, Lenovo and More
  5. Everything We Know About the Nothing Phone 4b
  6. Amazon Prime Day 2026: Best Deals on Fire TV Stick and Streaming Devices
  1. Xiaomi 18 Pro Max Camera, Display, Battery Details Tipped; May Get 8,500mAh Battery, 200-Megapixel Cameras
  2. iPhone 18, iPhone 18e Tipped to Get 9GB RAM Upgrade for Apple Intelligence; Pro Models May Stick With 12GB
  3. Amazon Prime Day 2026 Laptop Deals: Best Discounts on HP, Asus, Lenovo, Dell, Acer Models
  4. Best Camera Phones Under Rs. 30,000 for Content Creators in India: Motorola Edge 70 Fusion, Galaxy F56, More
  5. Boat Stone 900 Launched in India With Up to 80W Sound Output, Up to 15 Hours Audio Playback: Price, Features
  6. Cyberpunk 2077 Has Sold 40 Million Copies, CD Projekt Red Confirms
  7. Nothing Phone 1 Receives Final Software Update With Latest Security Patches, Bug Fixes and Improvements
  8. Nokia 235 4G (2026), 215 4G (2026) Launched Alongside Nokia 210 4G, and 200 4G With AI Assistant Button
  9. Samsung Galaxy S27 Ultra Battery Details Leaked; Could Top iPhone 18 Pro Max's Battery Capacity
  10. OnePlus Ace 7 Series Tipped to Feature 185Hz Display, 9,000mAh Battery
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.