Symantec explores selling web certificates business (opens in new tab)

(reuters.com)

52 pointsbracewel8y ago20 comments

20 comments

Hmm. Whilst sale of this business is certainly a possibility, one thing to keep in mind is that the anonymous sources could have been confused by activity that isn't actually a sale at all.

Symantec's current deal with Mozilla/ Google implies that they need a third party to actually do most of the technical work while they build new capabilities not tainted by previous problems. So that means Symantec executives having discussions with other CAs that could easily _look_ like they're thinking of selling the business even if they aren't, they'd be talking about sales volumes, sharing financial data, which operational people could be transferred and who needs to stay where they are... all stuff that _looks_ like a sale but would be necessary for Symantec to obey the plan they've shown Google.

Also sale of the CA business with the current shadow over it would be problematic, the major trust stores have reacted to the StartCom/ WoSign fiasco by instituting more rules about transfer, which came up for Google recently because they bought a CA. If an existing CA buys the Symantec (Verisign/ Thawte/ GlobalSign branding) business, they also buy Symantec's problems with the trust stores. If a _new_ CA buys the business there will be arguments from a lot of quarters that they're unqualified and forget Symantec's problems the whole thing needs to go away immediately. It's like buying a burning tyre fire, where's the upside ?

FungalRaincloud8y ago

I'm inclined to agree just from my own reading of this. I just don't see how sale could do anything but harm trust in the brands further, which makes sale only appealing to those who either don't care about trust, or have enough trust on their side to think they can rebuild it. Both of those groups are not going to want to pay much. Why sell a division of your company for peanuts?

jbergstroem8y ago

> It's like buying a burning tyre fire, where's the upside ?

I see it as buying the customer stock with the opportunity of a "fresh start". Rebrand, ensure the that the new organization follows compliance.

mrmondo8y ago

Being one of the least trusted, yet large CAs currently in existence this may not be a bad move for the company. However I do wonder what that leaves the company as far as popular assets go, their ‘enterprise’ antivirus offering was once the best-in-class but since the demise of AV and the companies general reputation declining year on year (citation definitely needed and obviously my opinion through observation) it still makes me wonder how long the company will last. Oh and of course I should remind people that Symantec owns Blue Coat...

egeozcan8y ago

Most companies still purchase antivirus packages at bulk. I have a customer server where an installed AV slows down the SQL Server from time to time (especially when SQL server allocates more disk space) so much that the system becomes unusable. They still think it makes sense to install AV even to database servers. I think AV software is installed just to be scapegoats if there's a successful attack.

mrweasel8y ago

They may be required to follow some standard, or certification that states that anti-virus software and firewalls be present on all systems. Those "standards" are normally written by lawyers or accountants who know next to nothing about IT.

1 more reply

eru8y ago

Of course, even with nothing useful left in the rump company, the sale might still be good from a shareholders point of view. Similar logic as for Yahoo's holding of Alibaba a while ago, when rump-Yahoo added negative value by most calculations.

phonon8y ago

The certificate business is only about 10% of Symantec's revenue. (But probably more of its profits)

They have consumer and corporate anti-virus, Endpoint Protection, and they now own Blue Coat and Lifelock.

1 more reply

mrmondo8y ago

Very good point, in your eyes does that suggest inevitable liquidation / similar or something more like running the company at a loss as a write off and on the chance something might come from it as a spin off?

1 more reply

venning8y ago

I'm assuming that Symantec makes money off of selling SSL certs which, again I'm assuming, they will make less of as Let's Encrypt begins to gain "conquest" domains over "greenfield" domains (those that did not and would not have held a cert without ACME and without being free). Of course, that assumes that a substantial number of paid-for SSL users switch to Let's Encrypt. Unless I'm misunderstanding, this may solve two problems for Symantec.

EDIT: I have no idea if LE's impact is of a "rising tide raises all boats" kind or a purely disruptive kind.

gcp8y ago

The DV business is dead but there will be a marketing push towards EV certs for business.

Symantec's problems are that they fucked up too much and have slipped past the "too big to fail" boundary.

mrweasel8y ago

There's also a niche market for more complex certificate solutions, like the one we saw stackoverflow required: https://nickcraver.com/blog/2013/04/23/stackoverflow-com-the...

It's just that those solutions require actual work and capable customer support, and I don't think that's a business Symantec wants to be in.

Still I would hope that their certificate business is taken over by someone serious about SSL/TLS/certificates. I would have for Let's Encrypt to become a monopoly.

1 more reply

finchisko8y ago

Of course they do. I've feeling they get corrupted and stepped on a path of quick making money with assigning covert certificates for various agencies/companies whose main initiative was to spy on users. In their case recovering trust is almost impossible.

aburan288y ago

Fun Fact: Symantec sold certificates to Blue Coat all the way back in May 2016 and have been using them in their SSL inspection tool ever since

phonon8y ago

Symantec owns Blue Coat though?

honestoHeminway8y ago

If there ever was a fire-sale. Thrustworthiness, get it while its red-hot.

j / k navigate · click thread line to collapse

20 comments

tialaramex8y ago

Hmm. Whilst sale of this business is certainly a possibility, one thing to keep in mind is that the anonymous sources could have been confused by activity that isn't actually a sale at all.

FungalRaincloud8y ago

jbergstroem8y ago

> It's like buying a burning tyre fire, where's the upside ?

I see it as buying the customer stock with the opportunity of a "fresh start". Rebrand, ensure the that the new organization follows compliance.

mrmondo8y ago

egeozcan8y ago

mrweasel8y ago

1 more reply

eru8y ago

phonon8y ago

The certificate business is only about 10% of Symantec's revenue. (But probably more of its profits)

They have consumer and corporate anti-virus, Endpoint Protection, and they now own Blue Coat and Lifelock.

1 more reply

mrmondo8y ago

1 more reply

venning8y ago

EDIT: I have no idea if LE's impact is of a "rising tide raises all boats" kind or a purely disruptive kind.

gcp8y ago

The DV business is dead but there will be a marketing push towards EV certs for business.

Symantec's problems are that they fucked up too much and have slipped past the "too big to fail" boundary.

mrweasel8y ago

There's also a niche market for more complex certificate solutions, like the one we saw stackoverflow required: https://nickcraver.com/blog/2013/04/23/stackoverflow-com-the...

It's just that those solutions require actual work and capable customer support, and I don't think that's a business Symantec wants to be in.

Still I would hope that their certificate business is taken over by someone serious about SSL/TLS/certificates. I would have for Let's Encrypt to become a monopoly.

1 more reply

finchisko8y ago

aburan288y ago

Fun Fact: Symantec sold certificates to Blue Coat all the way back in May 2016 and have been using them in their SSL inspection tool ever since

phonon8y ago

Symantec owns Blue Coat though?

honestoHeminway8y ago

If there ever was a fire-sale. Thrustworthiness, get it while its red-hot.

j / k navigate · click thread line to collapse