by justinjlynn 3247 days ago
The point I'm trying to make is that they're not dead if they own 30% of DigiCert as a result of this instead of being left with nothing.
2 comments

It's hard to put a value on the deal [1]. But -

Using the rankings of CAs largest to smallest [2], the first public CA is GoDaddy (W3Techs 2016 Survey), which has a range of services. They show GoDaddy to be 11.8% of the market, with Symantec at 26%. So Symantec is 220% larger. I'm too lazy to estimate GoDaddy's CA business from their financials; I didn't see anything obvious in their financials to make it easier.

GoDaddy's public valuation at this time is 7.27B [3], and if we scale up GoDaddy's market cap to Symantec's size, and only account 20% [4] to the CA business: 7.27B * (26/11.8) * .2 = ~3.2B (Symantec CA Business)

If we use DigiCert, and try to scale GoDaddy's market cap down to DigiCert's market share (3.0%) [2], then you end up with 7.27B * (3.0/11.8) * .2 = ~370M (DigiCert Current Valuation)

However, DigiCert becomes the number two CA provider overnight, to 29%, which rockets their value up (maybe?). By our same math, they are now 245% the size of GoDaddy from a cert perspective: 7.27B * ((26 + 3)/11.8) * .2 = ~3.57B (DigiCert + Symantec Business) [5].

So Symantec ends up with 950m cash and 1.07B DigiCert holdings (3.57B * .3 = 1.07B), or ~1.957B of value.

That'd mean Symantec is taking 2/3rds (~1b hit) - that feels like a pretty solid deterrent?

1. Armchair economist

2. https://en.wikipedia.org/wiki/Certificate_authority

3. https://www.google.com/finance?q=NYSE%3AGDDY&ei=qU-CWciuPMqg... (8/2/2017 EOD MarketCap)

4. This could be wildly high..

5. Normally a combined entity would have duplicative operations and arguably be worth more than their whole, but since these are kind of iffy assets, they probably would be worth less.

What exactly does Google accomplish by somehow trying to prevent Symantec from having a beneficial interest in its customer base? The alternative to this deal is that Symantec continues limping forward with a broken CA customer base that browsers have to accommodate for years to come. The economics of this deal are what enabled it to happen at all.

> What exactly does Google accomplish by somehow trying to prevent Symantec from having a beneficial interest in its customer base?

What DigiCert is doing, in allowing Symantec to continue operating in their name, is wrong and really lessens what it means to completely fuck up the core mission of what a CA does, and it makes a mockery of any sort of censure any browser/TLS developer/user could do. They should have to limp along while browsers distrust their certs and their customers leave to other providers competing on an open market. Then once they've been bled dry they should die alone. I want this to be difficult for their customers. Part of choosing a CA is doing due diligence and you can bet that once people have been burnt they'll be a lot more cautious about their next choice. This makes the CA/PKI system stronger as a result -- a bit of pain now is a good thing.

This is the interest Google should have in ensuring that the rats go down with the sinking ship.

I'm really having trouble following you. You keep writing as if the alternative to DigiCert's fire-sale acquisition was that Symantec's CA would simply vanish off the face of the Earth. No. False premise.

Please explain. If their certs become useless and no-one will touch them because, in turn, their certs will be useless... then how wouldn't Symantec's CA vanish off the face of the earth? Their customers can't exactly live without the PKI -- they would just have to go to another vendor, as they should in any case. If those customers have made poor engineering decisions in their own products, well, that's their problem isn't it?

I think you've oversimplified the pre-existing Google/Mozilla distrust plan, and your misapprehension about what was happening has harmed your understanding of the economics of this acquisition.

You're right. I probably do need to go back and re-examine the details. Generally when disagreements happen, one or both parties is missing something. At the same time, I still feel this is far too nice an ending for Symantec given the shit they pulled.

I think the discussion you and tptacek are having relates, in a way, to how different people approach the criminal justice system. People generally want it to either punish the guilty (Watchmen's Rorschach) or protect the innocent (Sweden), and I think Symantec's dissolution looks like a carefully thought out plan to protect the innocent.

Badness happened, but no more. There are paths forward for everyone involved. No more harm, just move forward.