[justinjlynn]

Please explain. If their certs become useless and no-one will touch them because, in turn, their certs will be useless... then how wouldn't Symantec's CA vanish off the face of the earth? Their customers can't exactly live without the PKI -- they would just have to go to another vendor, as they should in any case. If those customers have made poor engineering decisions in their own products, well, that's their problem isn't it?

[tptacek]

I think you've oversimplified the pre-existing Google/Mozilla distrust plan, and your misapprehension about what was happening has harmed your understanding of the economics of this acquisition.

[justinjlynn]

You're right. I probably do need to go back and re-examine the details. Generally when disagreements happen, one or both parties is missing something. At the same time, I still feel this is far too nice an ending for Symantec given the shit they pulled.

[Panino]

I think the discussion you and tptacek are having relates, in a way, to how different people approach the criminal justice system. People generally want it to either punish the guilty (Watchmen's Rorschach) or protect the innocent (Sweden), and I think Symantec's dissolution looks like a carefully thought out plan to protect the innocent.

Badness happened, but no more. There are paths forward for everyone involved. No more harm, just move forward.