[michaelbuckbee]

I'm a reseller for Digicert - they just sent an announcement email about this, here's the most interesting bit:

"Earlier this year, the browsers proposed a plan to limit trust in Symantec certificates after discovering issues with how they were validating and issuing digital certificates. Importantly, we feel confident that this agreement will satisfy the needs of the browser community.

DigiCert is communicating this deal and its intentions to the browser community and will continue to work closely with them during the period leading up to our closing the transaction. DigiCert appreciates and shares the browsers’ commitment to engendering trust in digital certificates and protecting all users. "

[justinjlynn]

You may want to come up with an escape plan then. If digicert can buy Symantec so that Symantec can escape censure what message does that send? At this point Symantec should be considered so radioactive that nobody would go near it for fear of contamination. Symantec betrayed all of us and digicert, in buying it and rewarding the behaviour is doing the same.

[tedivm]

When Symantec bought Verisign it was making over $400million in net profits off of over $1.1 billion in revenue.

Symantec basically killed their golden goose are are now selling it off to another company at a huge discount. If they didn't do this there's a good chance their whole business would fall apart.

I'd consider losing potentially billions of dollars over the next few years to be a pretty solid message.

[geofft]

I think your outrage is properly directed, and I agree with you that this is way too nice an ending for Symantec.

However, I don't think that anyone is actually going to make Symantec as contaminated as you or I want. If the people at DigiCert who were competent yesterday are operating Symantec's infrastructure today, that infrastructure is now trustworthy. And in buying and salvaging it, DigiCert did the community a service: instead of leaving us in this ambiguous position where a too-big-to-fail CA was calling up Google executives to potentially overrule engineering decisions, that CA is now no longer a threat.

[justinjlynn]

I know, and it is impotent rage... still, one can dream. We'll see to what extent Symantec invades digicert in the future.

[cjbprime]

The message is that Symantec doesn't get to run a CA business anymore. Presumably the fact that a sale was somewhat necessary was priced into the purchase price.

[thanksgiving]

They will own 30%of digicert.

I think this deal should put digicert on a "one strike and you're out" zone as well.

I don't understand what's going on. Digicert will give Symantec 800M+ cash and a 30% equity?

And Symantec will generously allow the current digicert CEO to continue as the CEO of digicert? Doesn't look like Symantec is selling anything. Looks like Symantec is buying digicert from the owners of digicert.

[justinjlynn]

Indeed. Classic reverse buyout to escape a bad name. It's complete bullshit and the browser vendors should see right through it.

[tptacek]

It would be a "classic reverse buyout" if DigiCert was going to continue to operate the Symantec CA infrastructure. If it is not, then Google and Mozilla will have accomplished their most important objective, which is the elimination of insecure certificate issuers in current operation.

You clearly have other objectives you would like Google and Mozilla to accomplish for you, and I probably agree with many of them, but let's try to stay focused here.

[justinjlynn]

And now the same people who made that shitty infrastructure will control a large chunk of the business that created what was once (probably) a perfectly good one -- and likely make the same shit decisions that made their old one shit as well making digicerts' infrastructure worse, and eventually probably shit as well.

[justinjlynn]

The point is the purchase price should have been zero. I want every Symantec shareholder to feel the pain and never invest in any company that is that shit again.