Hacker News
by eridius 3220 days ago
Why did Symantec change the private key used for their intermediate certificate? It sounds like they switched from an older system to a newer one for issuing certificates, but that doesn't explain why they couldn't preserve the key.
2 comments

Speculation: Symantec was not satisfied with the containment of the key. They might have preferred to rotate it out even though there is no evidence of key leakage if they knew there was a gap in their key access policy or audit processes. That gap might have been filled, so now they'd prefer to move on to a new key living under the new process.
Speculation: Possibly just because they didn't have to preserve it. Possibly because it was stored in a hardware module and could not be extracted.