Confusion about distrust Symantec certs
70 views
Skip to first unread message
adimallika...@gmail.com
Dec 2, 2017, 4:26:39 PM12/2/17
to Chromium-discuss
As per the guidelines mentioned in blog https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html, chrome should be alerting in DevTools about the Symantec certificates issued before June 1, 2016.
But with the chrome Version 62.0.3202.94 on MacOS, I am seeing alert for the certificated issued in 2017.
Please check these sample websites, where the alert is showing up.
But with the chrome Version 62.0.3202.94 on MacOS, I am seeing alert for the certificated issued in 2017.
Please check these sample websites, where the alert is showing up.
Philip Gladstone
Feb 7, 2018, 2:25:25 AM2/7/18
to Chromium-discuss, adimallika...@gmail.com
It appears to me as though the message that appears in Chrome 64 dev tools warning of pending distrust is *wrong*. In Chrome canary 66, the same website loads just fine and the certificates are claimed to be valid. I think that the code in Chrome 64 is checking the date that the Symantec CA issued the cert rather than the date when the leaf cert was issued. This makes a difference when the root cert is a legacy symantec CA, the intermediate CA is not listed, and the leaf cert was issued in 2017.
It isn't clear to me which is the correct behavior.
I'm also looking for an example website which has a cert which is distrusted by Chrome 66. Any suggestions?
Philip
Philip Gladstone
Feb 7, 2018, 2:49:47 PM2/7/18
to Chromium-discuss
Actually, I think that I was confused. The message in Chrome was about M70 -- and I was reading M66.
The other question of finding an example site which is distrusted in M66 still stands...
--
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss
---
You received this message because you are subscribed to the Google Groups "Chromium-discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discuss+unsubscribe@chromium.org.
larip...@gmail.com
Feb 20, 2018, 4:50:41 AM2/20/18
to Chromium-discuss
On the current Canary (66), in dev tools, I see warnings about certificates becoming untrusted, otherwise they are loaded correctly (green bar). The path shows Digicert as root, issued after December. In the current Chrome (64), everything is as expected, no warnings. Is it a bug in Canary or should I issue again the certificates?
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-discu...@chromium.org.
Reply all
Reply to author
Forward
0 new messages