The Symantec SSL Debacle Lessons Learned

The Symantec SSL Debacle Lessons Learned – Jake Williams

Abstract

When Google announced an intent to revoke trust from certificates issued by Symantec, this set off alarm bells all over the certificate authority industry. But that was March. What actually happened? Rendition Infosec has periodically tracked the SSL certificates on the Alexa top 1 million sites. In this talk, we’ll review that data set and examine what, if any, changes the Google announcement regarding Symantec certs had on certificate renewal/reissuance. We’ll also offer realistic suggestions for revoking trust in the future – had this been an actual fire drill, we’d have been burned alive.