Firefox 63 to Distrust All Symantec Root Certificates

LASER_oneXM

Mozilla this week detailed its plans to completely distrust Symantec root certificates in Firefox 63, set to arrive in October 2018.

Over the past couple of years, numerous problems have emerged regarding the wrongful issuance of certificates by the Certification Authority (CA) run by Symantec, one of the oldest and largest CAs.

These issues prompted Internet companies such as Google and Mozilla to gradually remove trust in all Symantec TLS/SSL certificates and also resulted in Symantec selling its CA business to DigiCert.

Mozilla expressed concerns that the deal wouldn’t bring the expected changes, as the same Symantec team would be in charge of certificate issuance for DigiCert. The CA, however, said it would validate all certificates requested through Symantec and issue them through its own infrastructure.
 

upnorth

After reaching an agreement with Google regarding penalties for misissued digital certificates, Symantec announced on Wednesday that it has made a deal with DigiCert to sell its website security and related public key infrastructure (PKI) solutions.

The transaction has been approved unanimously by Symantec’s board of directors and is expected to be completed in the third quarter of fiscal 2018. DigiCert will continue to operate under the supervision of CEO John Merrill from its headquarters in Lehi, Utah, where it will employ more than 1,000 people. With the acquisition of Symantec’s certificate business, the company is expected to bring new approaches to the TLS market and benefit from growth opportunities in IoT.

Trustico wanted to move all its customers from Symantec's soon-to-be-distrusted infrastructure to Comodo certificates. It asked DigiCert —now in charge of Symantec's old SSL infrastructure— to mass-revoke 50,000 certificates. DigiCert declined, saying that only end-customers, and not the reseller, can initiate a revocation.

DigiCert said the only way Trustico would be able to mass-revoke so many certificates without client approval would be if the certificates were compromised. Trustico then sent the private keys of over 23,000 customers via email to DigiCert —effectively compromising the security and privacy of those certificates.

A red thread?

Source :

Symantec to Sell Certificate Business to DigiCert for $950 Million | SecurityWeek.Com

Trustico States They Stored Private Keys for Customers' SSL Certificates
 
