Google Chrome plans to distrust Symantec, GeoTrust, Thawte SSLs

Distrust will take effect in the future

In September 2017 Google announced that it had a problem with Symantec's compliance with SSL industry standards when issuing Extended Validation certificates. Extended Validation is the highest level of check, in which the authority verifies the organisation's details in depth.

The Google Chrome team found that more than 30k Extended Validation certificates were issued improperly over the past few years. Symantec is a multi-brand SSL provider that owns GeoTrust, RapidSSL, Thawte and VeriSign. Google is considering a harsh punishment for repeated incidents in which Symantec or its resellers improperly issued SSL certificates.

According to a Netcraft survey from 2015, Symantec is responsible for about one in every three SSL certificates used on the web, making it the largest commercial certificate issuer in the world. As a result of acquisitions over the years the company now controls the root certificates of several formerly standalone certificate authorities including VeriSign, GeoTrust, Thawte and RapidSSL.

SSL/TLS certificates are used to encrypt the connections between browsers and HTTPS-enabled websites and also to verify that users are actually visiting the websites they intended to and not spoofed versions. These certificates are issued by organizations known as certificate authorities that are trusted by default in browsers and operating systems.

As the root certificate for Symantec will be removed, the move means credentials from the security vendor’s Thawte, GeoTrust and RapidSSL subsidiaries will also be distrusted.

The official Google blog said:

At the end of July, the Chrome team and the PKI community converged upon a plan to reduce, and ultimately remove, trust in Symantec’s infrastructure in order to uphold users’ security and privacy when browsing the web. This plan, arrived at after significant debate on the blink-dev forum, would allow reasonable time for a transition to new, independently-operated Managed Partner Infrastructure while Symantec modernizes and redesigns its infrastructure to adhere to industry standards. This post reiterates this plan and includes a timeline detailing when site operators may need to obtain new certificates.

On January 19, 2017, a public posting to the mozilla.dev.security.policy newsgroup drew attention to a series of questionable website authentication certificates issued by Symantec Corporation’s PKI. Symantec’s PKI business, which operates a series of Certificate Authorities under various brand names, including Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL, had issued numerous certificates that did not comply with the industry-developed CA/Browser Forum Baseline Requirements.

During the subsequent investigation, it was revealed that Symantec had entrusted several organizations with the ability to issue certificates without the appropriate or necessary oversight, and had been aware of security deficiencies at these organizations for some time.

Who will be affected by the distrust?

If you currently use a Symantec certificate, or plan to purchase one in 2017, this could affect you. The distrust applies to certificates from Symantec, the multi-brand SSL certificate authority that owns GeoTrust, Thawte, RapidSSL and VeriSign. If you use one of these certificates you might be affected next year, in 2018, but there is no need to panic: you can reissue your certificate from the vendor. If you have not done so and are affected by the distrust, your certificate's validity will show as slightly less than a month.

Like Google Chrome, Firefox may also distrust these SSL certificates in its browser, but they have not committed to this or responded anywhere on the internet.

Dates of distrust will apply via Chrome updates

Chrome 59 (Dev, Beta, Stable): 33 months validity (1023 days)
Chrome 60 (Dev, Beta, Stable): 27 months validity (837 days)
Chrome 61 (Dev, Beta, Stable): 21 months validity (651 days)
Chrome 62 (Dev, Beta, Stable): 15 months validity (465 days)
Chrome 63 (Dev, Beta): 9 months validity (279 days)
Chrome 63 (Stable): 15 months validity (465 days)
Chrome 64 (Dev, Beta, Stable): 9 months validity (279 days)
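
One way a site operator could screen certificates against the list above, as an added example that is not from Google or the original post: it takes the dictionary form returned by Python's `ssl.SSLSocket.getpeercert()`, matches the issuer against the brand names mentioned on this page, and reports which Chrome releases list a validity figure shorter than the certificate's own. It assumes each figure is the longest validity that release accepts for a Symantec-issued certificate and that the issuer name reflects the chain's root; the function names and sample certificates are constructed for illustration.

```python
import ssl

# Brand names this page lists as Symantec-operated CAs (matched case-insensitively).
SYMANTEC_BRANDS = ("symantec", "geotrust", "thawte", "rapidssl", "verisign", "equifax")

# (Chrome version, channels, validity figure in days), copied from the list above.
SCHEDULE = [
    ("59", "Dev, Beta, Stable", 1023), ("60", "Dev, Beta, Stable", 837),
    ("61", "Dev, Beta, Stable", 651), ("62", "Dev, Beta, Stable", 465),
    ("63", "Dev, Beta", 279), ("63", "Stable", 465),
    ("64", "Dev, Beta, Stable", 279),
]

def issuer_brand(cert):
    """Return the first listed brand found in the issuer O or CN, else None."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key in ("organizationName", "commonName"):
                for brand in SYMANTEC_BRANDS:
                    if brand in value.lower():
                        return brand
    return None

def validity_days(cert):
    """Days between notBefore and notAfter, rounded up to a whole day."""
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    return -(-(end - start) // 86400)

def affected_releases(cert):
    """Releases whose figure the certificate exceeds; [] if issuer is not a listed brand."""
    if issuer_brand(cert) is None:
        return []
    days = validity_days(cert)
    return [f"Chrome {v} ({ch})" for v, ch, limit in SCHEDULE if days > limit]

# Constructed sample certificates in getpeercert() form, not real ones.
SAMPLE_LONG = {
    "issuer": ((("countryName", "US"),), (("organizationName", "GeoTrust Inc."),),
               (("commonName", "Example GeoTrust Issuing CA"),)),
    "notBefore": "Jan  1 00:00:00 2016 GMT", "notAfter": "Jan  1 00:00:00 2018 GMT",
}
SAMPLE_OTHER = {
    "issuer": ((("organizationName", "Example Trust Services"),),),
    "notBefore": "Jan  1 00:00:00 2016 GMT", "notAfter": "Jan  1 00:00:00 2019 GMT",
}
```

Matching on the issuer name is a heuristic: `getpeercert()` exposes only the leaf's immediate issuer, so a chain that ends in a Symantec root through a differently named intermediate would need the full chain inspected.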