Google threatens action against Symantec-issued certificates following botched investigation

Google wants Symantec to disclose all certificates issued by its SSL business going forward, after what Google considers a bodged investigation into how Symantec employees issued SSL certificates for domain names that the company did not own.

The browser maker also wants the security firm to publish a detailed analysis of how the incident was investigated.

Through its acquisition of Verisign’s authentication business unit in 2010, Symantec became one of the largest certificate authorities (CAs) in the world. Such organizations are trusted by browsers and operating systems to issue digital certificates to domain owners which are then used to encrypt online communications.

To read this article in full or to leave a comment, please click here