Hello, welcome to the Monday, March 27th, 2017 edition of the Sandton and Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Over the last couple of years, there were a couple of issues where Symantec was blamed by Google for issuing bad certificates.

Now, Symantec often stated that these were test certificates.

They never saw any actual use outside of Symantex labs, but probably somewhat rightfully.

So Google said that the ability of semantic employees to create these certificates

can be seen as a breakdown in controls that Symantec should have in place in order to

implement a trusted certificate issuing process.

While I haven't been any new issues, Google is still not happy with Symantex response and

is now threatening to face out trusting Symantex certificate authority certificates

for future versions of Google Chrome.

Now this will be a face-out process. It will span a number of Google Chrome releases.

And extended validation certificates being issued by Symantec will no longer be recognized as extended validation certificates.

So they will work just like any normal certificate. This is a pretty drastic step and according to Google's post,

anywhere between 30 and 40% of certificates or requests to HDPS websites

and may be affected by this particular measure.

So what this means to you if you're using SSL certificates anywhere in your environment,

the ones that will be affected here are the ones that are using for HDPS,

because at this point this will only affect Google Chrome.

So don't worry too much about IMAP and other

certificates like that. If certificates are issued by Symantec, then you may have to have them

reissued at some point in the future. Wouldn't rush it, but start at least enumerating the certificate and be aware

...