<div>
@kevinhsieh I don;t follow what you are saying about letsencrypt, &gt;99.99% of browser users do not check who issued the certificate, justthat there _is_ a certificate, I certainly don't follow what you mean by &quot;scammers&quot;.
</div>


@kevinhsieh I don;t follow what you are saying about letsencrypt, >99.99% of browser users do not check who issued the certificate, justthat there _is_ a certificate, I certainly don't follow what you mean by "scammers".

<div>
<div class="content wysiwyg-content">
Q1:<br />
Is the following a valid risk &amp;&nbsp;any CVSS rating assigned to it?:<br />
Symantec SSL certificates are rated by Google &amp;&nbsp;Mozilla as risky &amp;&nbsp;recommends to deprecate them prematurely even before its expiry; URL: <br />
<a href="https://blog.qualys.com/ssllabs/2017/09/26/google-and-mozilla-deprecating-existing-symantec-certificates" rel="ugc">https://blog.qualys.com/ssllabs/2017/09/26/google-and-mozilla-deprecating-existing-symantec-certificates</a><br />
<br />
Q2:<br />
Which other vendors' SSL certs would you recommend to replace Symantec's?<br />
<br />
Q3:<br />
if we don't replace, what are the mitigating controls we can put in place?<br />
<br />
Can it wait till Oct 2018 to remediate?
</div>
</div>


Q1:
Is the following a valid risk & any CVSS rating assigned to it?:
Symantec SSL certificates are rated by Google & Mozilla as risky & recommends to deprecate them prematurely even before its expiry; URL: 
https://blog.qualys.com/ssllabs/2017/09/26/google-and-mozilla-deprecating-existing-symantec-certificates

Q2:
Which other vendors' SSL certs would you recommend to replace Symantec's?

Q3:
if we don't replace, what are the mitigating controls we can put in place?

Can it wait till Oct 2018 to remediate?

Symantec SSL cert's risk &amp; remediation

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Encryption

HTTPS is a protocol for secure communication over a computer network which is widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and to protect the privacy and integrity of the exchanged data. HTTPS is widely used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

SSL / HTTPS

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.

Network Security

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Symantec SSL cert's risk &amp; remediation

Symantec SSL cert's risk & remediation