Hacker News new | ask | show | jobs
by retlehs 2850 days ago
PayPal's site is affected by this
2 comments
twblalock 2850 days ago
That's surprising, because Chrome has distrusted Symantec certs for a few months and it's odd that Paypal would not have fixed it by now.
link
cpeterso 2850 days ago
Chrome and Firefox have only distrusted Symantec certs in their pre-release versions. The Chrome 70 and Firefox 63 releases in mid-October are when the hammer will fall.

https://security.googleblog.com/2018/03/distrust-of-symantec...

link
user5994461 2850 days ago
The hammer fell in April already. Google published a roadmap, the link you gave, but didn't respect it.
link
plttn 2850 days ago
Your anecdotal evidence doesn't prove they didn't respect it. I was just able to load PayPal with a Symantec cert on Chrome 69 on Android, which I realize is dueling anecdotes, but I'm just reinforcing the status quo, you're the one making a bold claim.
link
awakeasleep 2850 days ago
The head of Symantec's board is the CEO of PayPal.

PayPal is a diehard Symantec company and will not abandon anything Symantec related until it is absolutely forced to.

link
gsnedders 2850 days ago
All the communications browser vendors have had with PayPal imply they're on track to replace the certificate before the distrust hits stable.
link