[aklug] Chrome deprecation of certs issued by Symantec-owned CAs
Royce Williams
royce at tycho.org
Wed Mar 29 11:57:30 AKDT 2017
Urgency: not immediate - but it could impact some sites as soon as June,
and could take some lead time to get ready, so analyze soon. And if you
depend on visible signs of Extended Validation, that will be impacted
almost immediately.
Impact: Chrome will start distrusting Symantec certs (as well as Thawte,
Verisign, and other CA properties owned by Symantec) on a graduated
timeline, depending on age and duration of cert. They will also stop
showing visible signs of Extended Validation (EV) certs immediately.
Google announcement and discussion:
https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/eUAKwjihhBs/rpxMXjZHCQAJ
Good summary of the practical upshot, with timelines:
https://github.com/sleevi/explainer/blob/master/README.md
Alternate checking tool:
https://www.renditioninfosec.com/socapps/sslcheck/index.php
I also have a feature request in with Qualys to add this to the SSL Labs
Server Test
https://github.com/ssllabs/ssllabs-scan/issues/477
Royce
--
Royce Williams <http://www.techsolvency.com/roycewilliams/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.aklug.org/pipermail/aklug/attachments/20170329/6a27a550/attachment.html>
More information about the aklug
mailing list