In connection with the statement posted to Symantec’s Blog on March 24, 2017, Symantec has been reaching out to its customers. The text of our most recent customer communication is below:
******************************************
It's important that we keep the lines of communication open with you as we continue to deliberate possible changes to how we support your website security needs in response to Google's proposal. There is no doubt that these proposed changes would create a ripple effect across the entire industry. Following up on my previous Message To Our CA Customers, I wanted to provide you with an update on the progress we have made in response to Google's proposals.
In the weeks since Google shared its initial proposal, we have met with Google several times and have also embarked on an industry-wide listening tour to understand the impact that any changes may cause to our customers, partners, and the PKI ecosystem. Our goal is to find a combined path forward that will ensure business continuity for our customers and peace of mind for all browsers and other industry stakeholders.
These conversations have been both encouraging and instructive. And the input we've received from our industry stakeholders, partners, and most importantly, our customers, gives us confidence that we can come to the table with an alternative proposal that will serve the shared interests of the entire industry.
We have also heard consistently from customers like you that the transition to fully adopt Google's proposal within its suggested timeframe would cause significant business disruption and additional expense - especially within complex IT infrastructures. Mitigating these concerns is a top priority for us as we develop our counter proposal and provide responses to the salient questions the community has posted online. While we believe Google understands the burden their proposal creates, if they decide to move ahead with their original plan, I want to reassure you that Symantec will keep your websites, web servers or web applications operational across all browsers. Specifically, this may require Symantec to reissue your certificates, which we would do as needed, at no charge to you, to meet the fully expected validity period.
While we've made solid progress, we have plenty of work left ahead of us and I hope you will continue to consider us a trusted security partner as we address the challenges before us. I firmly believe that the only way to improve is by listening. If you have thoughts on shorter validity certificates, automation, or the value of extended validation (EV), please don't hesitate to reach out to me or voice your concerns anonymously by participating in a brief online survey.
Your input is invaluable and I thank you for your continued support.
Best regards,
Roxane Divol
Executive Vice President & GM, Symantec Website Security