CA/Symantec Issues

159 bytes added, 10:46, 11 April 2017
Issue D update
==Issue D: Test Certificate Misissuance (April 2009 - September 2015)==
Between 2009 and 2015, Symantec issued a large number of test certificates in their publicly trusted hierarchies. These contained domains that Symantec did not own or control, and for which domain validation was not performed. Some of these domains were unregistered, and others were owned by other organizations. Symantec assert that issuing test certificates for unregistered domains was not a BR violation before April 2014 (I am currently querying that assertion), but they continued the practice even after that date. The registered domains used included those belonging to Google and Opera Software. Given the numbers involved, this sort of test certificate issuance appears to have been common practice at Symantec. Some of the test certificates (including one for www.google.com) left Symantec's network because they were logged in CT. (Symantec claim that no certificates left their network; however, it's not clear how this can be true, and clarification is being sought.) However, Symantec personnel would have had access to the public and private keys of the certs.
Some details of this incident are recorded in {{bug|1214321}}.