Symantec is an unbelievably bad certificate authority.
-
Symantec made a big show of firing the people supposedly responsible. Called it leadership.
-
But they still look like the same old Symantec to me, up to their usual tricks!
-
Symantec is, BTW, the same CA which keeps needing "exceptions" so they can issue SHA-1 certificates and do other legacy forbidden things.
-
Reminder: Symantec, GeoTrust, Thawte, RapidSSL are all the same. Some Symantec certs say Verisign because they bought Verisign's CA biz.
-
If you own a domain, you might be able to set up a CAA record that excludes Symantec: https://sslmate.com/labs/caa
-
Even better, monitor #CertificateTransparency so you know if a cert is misissued for one of your domains. CT is how I found these certs.
-
Cert Spotter (made by me) https://sslmate.com/certspotter/ and https://crt.sh are tools you can use to monitor #CertificateTransparency logs
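An added example, not part of the original thread: CAA is an allowlist, so excluding a CA means publishing `issue` records that name only the CAs you do use. The sketch below evaluates a record set with simplified RFC 8659 rules; the zone lines and the CA identifiers `ca-allowed.example` and `ca-excluded.example` are constructed placeholders, and it assumes the relevant record set has already been located (no DNS tree climbing).

```python
"""Evaluate a CAA record set the way an issuing CA should (simplified RFC 8659)."""

# Constructed sample zone lines; the CA identifiers are placeholders.
ZONE = '''
example.com.  IN CAA 0 issue "ca-allowed.example"
example.com.  IN CAA 0 issuewild ";"
example.com.  IN CAA 0 iodef "mailto:security@example.com"
'''

def parse_caa(zone_text):
    """Return (flags, tag, value) tuples from zone-file style CAA lines."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) == 6 and fields[2].upper() == "CAA":
            flags, tag, value = int(fields[3]), fields[4].lower(), fields[5]
            records.append((flags, tag, value.strip().strip('"')))
    return records

def issuer_domain(value):
    """Issuer domain of an issue/issuewild value; '' means no CA at all."""
    return value.split(";", 1)[0].strip().lower()

def may_issue(records, ca_id, hostname):
    """True if ca_id may issue for hostname under this record set."""
    # An unrecognised tag with the critical bit (128) set forbids issuance.
    known = {"issue", "issuewild", "iodef"}
    if any(flags & 128 and tag not in known for flags, tag, _ in records):
        return False
    issue = [issuer_domain(v) for _, t, v in records if t == "issue"]
    wild = [issuer_domain(v) for _, t, v in records if t == "issuewild"]
    # issuewild, when present, replaces issue for wildcard names.
    applicable = wild if hostname.startswith("*.") and wild else issue
    # No applicable property means CAA places no restriction on any CA.
    if not applicable:
        return True
    return ca_id.lower() in applicable
```

An empty record set permits every CA, which is why a domain with no CAA records gets no protection from this mechanism.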