Google Gives Symantec Certificate Health Ultimatum
(October 28, 2015)
Earlier this year, Symantec employees improperly released test certificates for Google domains.
Google is now demanding that Symantec provide details of its certificate authority processes; if Symantec does not comply, Google says it will start warning users who visit sites that are protected with the company's certificates.
Google says its own investigation revealed that more than the 23 test certificates were improperly issued.
Google is demanding that Symantec provide more information about why initial report did not include the other improperly issued certificates; identify the steps it will take to prevent the improper release of certificates; and that as of June 1, 2016, all Symantec-issued certificates must support Certificate Transparency.
http://arstechnica.com/security/2015/10/still-fuming-over-https-mishap-google-gives-symantec-an-offer-it-cant-refuse/
