Slashdot Mirror
Google Bans Symantec Root Certificates
An anonymous reader writes: After in September Google discovered SSL certificates issued in its name by Symantec, and after in October the company discovered over 2,500 more certificates issued for non-existent domains, also by Symantec, Google has now decided to ban Symantec's dodgy certificates from Android and Chrome. "Symantec has decided that this root will no longer comply with the CA/Browser Forum's Baseline Requirements," said Ryan Sleevi, Google Software Engineer. "As these requirements reflect industry best practice and are the foundation for publicly trusted certificates, the failure to comply with these represents an unacceptable risk to users of Google products." Apparently Symantec hasn't been very careful of where and to whom it issues SSL certificates from a particular root branch.
I wind up cleaning my Android device's cert store just because there are a lot of certs that are made by foreign governments, that are not really used, but can easily be abused. China's government has one, for example. Same with Turkey and Saudi Arabia.
What Google should do is figure out the geographical location used, disallow certs that are not directly appropriate to the region, perhaps allowing certs to be turned on/off if one travels. As it stands now, the fewer, the better.
Please, enough of improper use of English in our website! I don't mind so much in posts, but at least can we have decent grammar and syntax in TFS? Our website is not written by 11 year olds who missed Sesame Street's first ten seasons; they are written by adults who are expected to know that the words before and after are usually tied to a certain event, e.g. "after" the aliens came or "before" I lost all my hair. If I knew where you guys work, I could volunteer to work there full time, and help out.
WARNING: Smartphones have side effects--most of them undocumented.
Rust uses LLVM as it's backend compiler. LLVM is written in C++. Where is your rust god now?