Mozilla Warns To Plans Distrust All Symantec-Chained Certs

Mozilla Warns To Plans Distrust All Symantec-Chained CertsSymantec certificates

The Firefox and Chrome both will reject the Symantec-chained TLS certificates by October. The pair of web browsers continues down the path of distrusting Symantec certificates first laid out last year. Mozilla said, ‘ in the move to distrusting Symantec certificates issued before June 2016 in Firefox 60, it saw the number of sites affected collapse from 1 percent in early March to less than 0.15 percent on May 9.’

In a blog post, Mozilla said that the Firefox 63 planned to release on October 23, and when they distrust Symantec in the Firefox 63 then the switch will affect 3.5 percent of the top 1 million sites. The Chrome 70 is set for release on October 16 and the Chrome is also set to do the same with Chrome 70, like as Firefox 63.

Mozilla also said, ” as the Firefox 63 release approaches, we expect the same rapid pace of improvement that we observed with the Firefox 60 release.”

Security Consultant Liam O pointed out that, among the sites impacted if the change were to happen now is PayPal, that currently serves up a Symantec certificate which expires on October 31, 2019. Mozilla said, the number of sites using Symantec-chained certificates has fallen by 20 percent in the past two months.

Chrome 66 removed trust in April, for Symantec certificates which published before 2016 June. In July 2017, Google began distrusting the Symantec-issued TLS certificates and, on this month, Hanno Bock, the security researcher tricked Symantec into incorrectly revoking certificates based on forged private keys.

The security researcher Hanno Bock said, “Symantec did a major blunder by revoking a certificate based on completely forged evidence. There’s hardly any excuse for this, and it indicates that they operate a certificate authority without a proper understanding of the cryptographic background.” The Symantec’s website security business was sold after weeks later to DigiCert for $950 million cash upfront and, a 30 percent stake in DigiCert.

Mozilla announced, “we strongly encourage website operators to replace any remaining Symantec TLS certificates immediately to avoid impacting their users as these certificates become distrusted in Firefox Nightly and Beta over the next few months.”


Sharing is caring…


You may also like...

%d bloggers like this: