GOOGLE HAS confirmed that it will be "distrusting" any security certificates issued by Symantec, starting with Chrome 66.
All certificates issued prior to 1 June 2016 will be affected, as Symantec works with webmasters to switch to certificates from DigiCert, which bought Symantec's troubled web-security business.
Chrome 66 will arrive in June 2018, with the final switch-off coming in Chrome 70, due next October, which will "fully remove trust in Symantec's old infrastructure and all of the certificates it has issued."
The decision to remove Symantec certificates came as a result of the discovery of a dodgy certificate in 2015, leading to a fuller investigation that brought forward more issues with security at the beginning of this year.
In the meantime, if a webmaster wants an old-style Symantec certificate, it will carry a 13-month limit.
At the time of the sale, Symantec CEO Greg Clark said: "We carefully examined our options to ensure our customers would have a world-class experience with a company that offers a modern website PKI platform and is poised to lead the next generation of website security innovation.
"I'm thrilled that our customers will benefit from a seamless transition to DigiCert, a company that is solely focused on delivering leading identity and encryption solutions."
Over on the Google Security Blog, the plans are explained thus: "This incident, while distinct from a previous incident in 2015, was part of a continuing pattern of issues over the past several years that has caused the Chrome team to lose confidence in the trustworthiness of Symantec's infrastructure, and as a result, the certificates that have been or will be issued from it.
"After our agreed-upon proposal was circulated, Symantec announced the selection of DigiCert to run this independently-operated Managed Partner Infrastructure, as well as their intention to sell their PKI business to DigiCert in lieu of building a new trusted infrastructure. This post outlines the timeline for that transition and the steps that existing Symantec customers should take to minimize disruption to their users."
Symantec continues to offer enterprise solutions as well as home anti-malware protection under the Norton brand. These products are unaffected. µ