Mozilla decides to postpone the termination of support for Symantec certificates
As we reported before, Mozilla Firefox 63 will no longer trust Symantec certificates. But Mozilla found that once Firefox 63 nightly stopped supporting Symantec certificates, applying Firefox 63 Beta would affect a large number of Firefox users, so Mozilla decided to postpone the program. This change will remain enabled in Nightly, and Mozilla plans to enable it in Firefox 64 Beta when it ships in mid-October
Wayne Thayer, Mozilla Credentials project manager, mentioned that many popular websites still use Symantec’s TLS credentials, including GeoTrust, RapidSSL and Thawte. Although DigiCert has been promoted, there are still many websites that are not concerned about this issue. Or, some sites are waiting for Symantec to wait until the end date.
Although the number of Symantec vouchers on the site has declined, according to statistics, more than 1% of the previous one million websites are using untrusted Symantec certificates. Wayne Thayer said that because many sites have not taken the appropriate measures, they may be waiting for DigiCert to provide free alternative credentials, so once they stop supporting Symantec certificates in Firefox 63 Nightly, they apply directly to Firefox 63 Beta. Will affect a large number of Firefox users.
To prioritise user security and reduce the risk of delaying the implementation of the distrust program, Mozilla decided to postpone this policy this year, allowing more sites to replace Symantec credentials. This is more in the best interests of the overall user, so although the Firefox Nightly version on August 13 no longer trusts Symantec’s TLS, Mozilla plans to follow up with Firefox 64 Beta in mid-October.
Earlier, Chrome also announced that it no longer trusts Symantec credentials and mitigates the impact by gradually shortening the validity of Symantec certificates. In Chrome 59, Symantec credentials are valid for 33 months, and by Chrome 64, the time has been reduced to 9 months. Google decided to stop supporting Symantec certificates in Chrome 70.
