Yes, Root CA providers are supposed to be trustworthy. Google & Mozilla, who together have some credibility, have essentially just accused Symantec of being completely and willfully incompetent. And untrustworthy.
Just the fact Symantec managed to acquire virtually all well-known root CA suppliers is a crime in itself. I expect Symantec's customers will bury them in lawsuits once they get wind of this. sas On Sun, Sep 9, 2018 at 3:31 PM Rob Schramm <[email protected]> wrote: > Actually.. I am more concerned with Verisign being part of this. > > "In the near future, Google Chrome and Mozilla Firefox will begin > distrusting SSL certificates from Symantec, GeoTrust, Thawte, VeriSign, > Equifax, and RapidSSL." > > There are a lot of shops that trust VeriSign for server certs that are > being trusted for mainframe related transactions. If the certs are issued > improperly, it brings up a man in the middle attack that most would not be > looking for because they "trust" VeriSign!. I am sure that there are other > attacks that may be possible. > > This is quite disturbing. > > Personally, I would never trust Equifax.. they have proved themselves > untrustworthy with the multiple security debacles this past year or so. > But I had come to trust the others. Guess I should take a line from > Dragnet "Just the facts ma'am" > > Rob Schramm > > > > On Sun, Sep 9, 2018 at 11:45 AM scott Ford <[email protected]> wrote: > > > Exactly > > > > On Sun, Sep 9, 2018 at 11:13 AM Paul Gilmartin < > > [email protected]> wrote: > > > > > On Sun, 9 Sep 2018 10:39:59 -0400, Rob Schramm wrote: > > > > > > >Seems relevant .. the whole purpose in using a CA is trust. > > > > > > > > > > > > > > https://www.templarbit.com/blog/2018/09/07/the-story-of-why-chrome-and-firefox-will-soon-block-sites-with-certain-ssl-certificates/ > > > > > > > The accused is Symantec and its subsidiaries. > > > > > > What's the current reputation of Symantec Antivirus? > > > > > > -- gil > > > > > > ---------------------------------------------------------------------- > > > For IBM-MAIN subscribe / signoff / archive access instructions, > > > send email to [email protected] with the message: INFO IBM-MAIN > > > > > -- > > Scott Ford > > IDMWORKS > > z/OS Development > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: INFO IBM-MAIN > > > -- > > Rob Schramm > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > -- sas ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
