Another CA bites the dust, and it’s not a small one this time: Symantec.
Since January 19, the Google Chrome team has been investigating a series of failures by Symantec Corporation to properly validate certificates.
Over the course of this investigation, the explanations provided by Symantec have revealed a continually increasing scope of misissuance with each set of questions from members of the Google Chrome team; an initial set of reportedly 127 certificates has expanded to include at least 30,000 certificates, issued over a period spanning several years.
This is also coupled with a series of failures following the previous set of misissued certificates from Symantec, causing us to no longer have confidence in the certificate issuance policies and practices of Symantec over the past several years.
Source: Intent to Deprecate and Remove: Trust in existing Symantec-issued Certificates – Google Groups