Editing Gen Digital (section)

===Google and Symantec clash on website security checks===
On March 24, 2017, Google stated that it had lost confidence in Symantec, after the latest incident of improper certificate issuance.<ref>{{cite web |url=http://www.pcworld.com/article/3184660/security/to-punish-symantec-google-may-distrust-a-third-of-the-webs-ssl-certificates.html |first=Lucian |last=Constantin|title= To punish Symantec, Google may distrust a third of the web's SSL certificates |work=PC World|date=March 24, 2017 |access-date=March 24, 2017}}</ref><ref>{{cite web |url=http://theusbport.com/symantec-loses-googles-trust-over-fishy-ssl-certificates/26558 |title= Symantec loses Google's trust over fishy SSL Certificates |work=The USB Port|access-date=March 26, 2017|first=Rafael|last=Fariñas|date=March 26, 2017}}</ref> Google says millions of existing Symantec certificates will become untrusted in Google Chrome over the next 12 months. According to Google, Symantec partners issued at least 30,000 certificates of questionable validity over several years, but Symantec disputes that number.<ref>{{cite news | title=To punish Symantec, Google may distrust a third of the web's SSL certificates | website=PC World | url=http://www.pcworld.idg.com.au/article/616592/punish-symantec-google-may-distrust-third-web-ssl-certificates/ | access-date=April 16, 2017 | archive-date=April 17, 2017 | archive-url=https://web.archive.org/web/20170417071452/http://www.pcworld.idg.com.au/article/616592/punish-symantec-google-may-distrust-third-web-ssl-certificates/ | url-status=dead }}</ref> Google said Symantec failed to comply with industry standards and could not provide audits showing the necessary documentation.<ref>{{cite web |url=https://arstechnica.com/security/2017/03/google-takes-symantec-to-the-woodshed-for-mis-issuing-30000-https-certs/ |title= Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs |access-date=March 24, 2017|first=Dan|last=Goodin|date=March 24, 2017|publisher=Ars Technica}}</ref><ref>{{cite web |url=https://www.bleepingcomputer.com/news/security/google-reducing-trust-in-symantec-certificates-following-numerous-slip-ups/ |title= Google Reducing Trust in Symantec Certificates Following Numerous Slip-Ups |access-date=March 24, 2017|first=Catalin|last=Cimpanu|work=Bleeping Computer}}</ref>

Google's Ryan Sleevi said that Symantec partnered with other CAs (CrossCert (Korea Electronic Certificate Authority), [[Certisign|Certisign Certificatadora Digital]], Certsuperior S. de R. L. de C.V., and Certisur S.A.) who did not follow proper verification procedures leading to the misissuance of certificates.<ref>{{cite web |date=March 27, 2017|work=TechCrunch|first=Kate|last=Conger|url=https://techcrunch.com/2017/03/27/google-is-fighting-with-symantec-over-encrypting-the-internet/ |title= Google is fighting with Symantec over encrypting the internet |access-date=March 24, 2017}}</ref>

Following discussions in which Google had required that Symantec migrate Symantec-branded certificate issuance operations a non-Symantec-operated "Managed Partner Infrastructure",<ref>{{cite web | author = Fisher, Darin | title = Re: [blink-dev] Intent to Deprecate and Remove: Trust in existing Symantec-issued Certificates | date = July 27, 2017 | url=https://groups.google.com/a/chromium.org/d/msg/blink-dev/eUAKwjihhBs/El1mH8S6AwAJ | publisher=blink-dev@chromium.org Google Group}}</ref> a deal was announced whereby [[DigiCert]] acquired Symantec's website security business.<ref>{{cite web|date=August 2, 2017 |author=Merrill, John |title=DigiCert to Acquire Symantec's Website Security Business |url=https://www.digicert.com/blog/digicert-to-acquire-symantec-website-security-business/|publisher=DigiCert}}</ref> In September 2017, Google announced that starting with Chrome 66, "Chrome will remove trust in Symantec-issued certificates issued prior to June 1, 2016".<ref name="O'Brien 2017">
{{cite web|url=https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html|title=Chrome's Plan to Distrust Symantec Certificates|last1=O'Brien|first1=Devon|last2=Sleevi|first2=Ryan|date=September 11, 2017|website=Google Security Blog|last3=Whalley|first3=Andrew}}
</ref> Google further stated that "by December 1, 2017, Symantec will transition issuance and operation of publicly-trusted certificates to DigiCert infrastructure, and certificates issued from the old Symantec infrastructure after this date will not be trusted in Chrome."<ref name="O'Brien 2017" /> Google predicted that toward the end of October 2018, with the release of Chrome 70, the browser would omit all trust in Symantec's old infrastructure and all of the certificates it had issued, affecting most certificates chaining to Symantec roots.<ref name="O'Brien 2017" /> Mozilla Firefox planned to distrust Symantec-issued certificates in Firefox 63 (released on October 23, 2018),<ref>{{Cite web|url=https://blog.mozilla.org/security/2018/07/30/update-on-the-distrust-of-symantec-tls-certificates/|title=Update on the Distrust of Symantec TLS Certificates|last=Thayer|first=Wayne|date=July 30, 2018|website=Mozilla Security Blog|language=en-US|access-date=August 15, 2018}}</ref> but delivered the change in Firefox 64 (released on December 11, 2018).<ref>{{Cite web|url=https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/64|title=Firefox 64 for developers|website=MDN Web Docs|language=en-US|access-date=December 11, 2018}}</ref> Apple has also planned to distrust Symantec root certificates.<ref>{{Cite web|url=https://support.apple.com/en-hk/HT208860|title=Information for website operators about distrusting Symantec certificate authorities|date=August 1, 2018|website=Apple Support}}</ref><ref>{{Cite web |url=https://www.digicert.com/blog/our-latest-symantec-distrust-guidance-apple/ |title=Our Latest Symantec Distrust Guidance |date=June 7, 2018 |website=DigiCert Blog |first=Vincent |last=Lynch}}</ref> Subsequently, Symantec exited the TLS/SSL segment by selling the SSL unit to [[Digicert]] for $950 million in mid 2017.<ref name="Sayer 2017"/>