Google Chrome to gradually 'distrust' Symantec-certified websites amid Google, Symantec feud
The ongoing Google and Symantec feud may hold repercussions for the latter. Google may actually make a move to suspend websites with Symantec certification.
Google is planning a "gradual distrust" of existing Symantec-based certificates. A Google post also said Symantec will have to replace these certificates with revalidated ones.
The move seems to take place over various versions of Google Chrome, from Chrome versions 59 to 64. Google plans to decrease the maximum age of Symantec-based certification on these websites.
Chrome 59 will "remove" Symantec-issued certificates over a span of 33 months, or 1,023 days. Meanwhile, Chrome 64 will remove these certificates over a span of nine months, or 279 days. The other versions of the Google browser will also gradually remove the Symantec-based certificates within these time frames.
In fact, it appears nine months will be Google's new requirement for new certificates. It plans to propose that new certificates will only have validity periods of nine months, starting with Chrome 61. This will apparently ensure that risks are "minimised as much as possible."
Symantec has not released an official statement regarding this proposal. Google has also yet to announce whether or not this proposal has already been sent.
It appears the Google and Symantec feud arose from Google's claims that Symantec has been not handling the certification of websites. Google said around "30,000 certificates" may not actually be secure.
Symantec said it "strongly objected" Google's allegations. It added that the statements on the certificates are "exaggerated," and that only 127 certificates may be wrongly issued.
A Google forum post said that Symantec's policies on certificates have "created significant risks" for users of Google Chrome. It also added that Symantec has failed to disclose details and updates on the issue. The original Symantec report cannot be found.
According to BBC, Symantec is one of the biggest companies that issue security certificates to a lot of websites, which can help guarantee the safety of a website. These "certificates" are then needed to confirm that websites are secure.
As viewed in the Symantec website, its certificates (called SSL Certificates) offer a wide variety of encryption and protection methods. Prices of these certificates range from US$399 (AU$523) to US$1,999 (AU$2,621).
Google's move to stop recognising some Symantec-certified websites can affect a lot of users. This is because thousands of websites all over the Internet are using these certificates.
Unfortunately, there is no confirmation as to when this move on the Google and Symantec feud may take effect. Neither company has made further comments on the matter as well.