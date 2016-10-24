reply
It's a ridiculous system and fwiw, it shouldn't be the security companies (though that's being very polite to Symantec) that grant certificates. It should be notary publics (a business all about assurance of human identity) using a physical appliance.
Or, admit we don't care and ditch the entire system for something based on bailing wire and chewing gum, because that's roughly what we've got now.
We can however ban them from issuing any new certs. It wouldn't be the first time this has been done.
Also, and most critically, it's musical chairs between cloud and security companies. If Symantec came to Google to complain it's likely they'd go straight to VPs who used to work with them and get special treatment.
Hence the call to use notaries. Let's avoid the whole buddy network.
