Chrome engineer proposing to take hatchet to Symantec certs
2015, Google Chrome may (at this point internally proposing – not a scheduled implementation) stop recognizing the (full) validity of Symantec certs after fixed durations. Google currently (with Chrome 57) distrusts Symantec issued certs at their face value but with Chrome 59 would reduce it to 33 months (1023 days) then with Chrome 60 it would reduce to 27 months..and so forth. Eventually Chrome would only recognize Symantec certs as valid for a maximum date from issuance of 9 months (279) days. Here is the proposed Chrome rollout schedule: 59 Jun 6th, 2017 60 Aug 1st, 2017 61 Sep 12th, 2017 62 Oct 24th, 2017 63 Dec 12th, 2017 Many companies currently use GeoTrust and Thawte which are operated by Symantec. This means those companies would need to accept Chrome’s requirement for re-issuance more frequently or else change their CA root authorities (i.e. find another cert vendor.) Symantec currently holds approximately 35-40% of the cert market. (Remember the days when Thawte was the independent underdog?) This is all hay at this point but something worth tracking if ever so diligently or out of curiosity. The discussion has been led along by Ryan Sleevi – the Chrome engineer at Google proposing it. ]]>