Is Google abusing its power in SSL war with Symantec?

Google and Symantec are in a big fight, which basically boils down to the fact that Google does not believe that SSL certificates have a future. Google found a lot of irregularities in certificates that Symantec has issued.

Since Google controls the biggest browser, Chrome, it has the power to decide how a website is shown. Marking a website as unsafe is one way to use that power.

Symantec obviously did not do a good enough job. However, could any CA ever do a good enough job? The validation process is manual work, and where people have to validate data they will make mistakes. In that sense any CA, including Let's Encrypt, which only validates automatically based on WHOIS data, is vulnerable to mistakes. Google might be right that SSL in its current form has no future.

So why is Google abusing its power? It is abusing its power because the majority, and I mean higher than 99 percent, of all SSL certificates are validated correctly. Valid companies have valid SSL certificates, and Google is deliberately hurting these companies by forcing Symantec to reissue these SSL certificates. This means that all these companies with 100 percent valid certificates have to do a lot of work to replace already good certificates with new ones, just because Google wants to make a point. Up to now, SSL has been the best way to validate companies and assure website visitors that they are really on the website of the company they think they are on. There is no mature alternative.

And since Google is by far the largest browser company, it has the power, and it is abusing this power to deliberately hurt websites that are completely legal, of high reputation, and with correctly validated certificates.

There are many other ways to change an industry and its security. Abusing your power in the way Google does in the fight with Symantec is not the way.

