[tptacek]

What exactly does Google accomplish by somehow trying to prevent Symantec from having a beneficial interest in its customer base? The alternative to this deal is that Symantec continues limping forward with a broken CA customer base that browsers have to accommodate for years to come. The economics of this deal are what enabled it to happen at all.

[justinjlynn]

> What exactly does Google accomplish by somehow trying to prevent Symantec from having a beneficial interest in its customer base?

What digicert is doing, in allowing Symantec to continue operating in their name, is wrong and really lessens what it means to completely fuck up the core mission of what a CA does and it makes a mockery of any sort of censure any browser/TLS developer/user could do. They should have to limp along while browsers distrust their certs and their customers leave to other providers competing on an open market. Then once they've been bled dry they should die alone. I want this to be difficult for their customers. Part of choosing a CA is doing due diligence and you can bet that once people have been burnt they'll be a lot more cautious about their next choice. This makes the CA/PKI system stronger as result -- a bit of pain now is a good thing.

This is the interest Google should have in ensuring that the rats go down with the sinking ship.

[tptacek]

I'm really having trouble following you. You keep writing as if the alternative to Digicert's fire-sale acquisition was that Symantec's CA would simply vanish off the face of the Earth. No. False premise.

[justinjlynn]

Please explain. If their certs become useless and no-one will touch them because, in turn, their certs will be useless... then how wouldn't Symantec's CA vanish off the face of the earth? Their customers can't exactly live without the PKI -- they would just have to go to another vendor, as they should in any case. If those customers have made poor engineering decisions in their own products, well, that's their problem isn't it?

[tptacek]

I think you've oversimplified the pre-existing Google/Mozilla distrust plan, and your misapprehension about what was happening has harmed your understanding of the economics of this acquisition.

[justinjlynn]

You're right. I probably do need to go back and re-examine the details. Generally when disagreements happen, one or both parties is missing something. At the same time, I still feel this is far too nice an ending for Symantec given the shit they pulled.

[Panino]

I think the discussion you and tptacek are having relates, in a way, to how different people approach the criminal justice system. People generally want it to either punish the guilty (Watchmen's Rorschach) or protect the innocent (Sweden), and I think Symantec's dissolution looks like a carefully thought out plan to protect the innocent.

Badness happened, but no more. There are paths forward for everyone involved. No more harm, just move forward.