Hmm. Whilst sale of this business is certainly a possibility, one thing to keep in mind is that the anonymous sources could have been confused by activity that isn't actually a sale at all.<p>Symantec's current deal with Mozilla/ Google implies that they need a third party to actually do most of the technical work while they build new capabilities not tainted by previous problems. So that means Symantec executives having discussions with other CAs that could easily _look_ like they're thinking of selling the business even if they aren't, they'd be talking about sales volumes, sharing financial data, which operational people could be transferred and who needs to stay where they are... all stuff that _looks_ like a sale but would be necessary for Symantec to obey the plan they've shown Google.<p>Also sale of the CA business with the current shadow over it would be problematic, the major trust stores have reacted to the StartCom/ WoSign fiasco by instituting more rules about transfer, which came up for Google recently because they bought a CA. If an existing CA buys the Symantec (Verisign/ Thawte/ GlobalSign branding) business, they also buy Symantec's problems with the trust stores. If a _new_ CA buys the business there will be arguments from a lot of quarters that they're unqualified and forget Symantec's problems the whole thing needs to go away immediately. It's like buying a burning tyre fire, where's the upside ?
Being one of the least trusted, yet large CAs currently in existence this may not be a bad move for the company. However I do wonder what that leaves the company as far as popular assets go, their ‘enterprise’ antivirus offering was once the best-in-class but since the demise of AV and the companies general reputation declining year on year (citation definitely needed and obviously my opinion through observation) it still makes me wonder how long the company will last. Oh and of course I should remind people that Symantec owns Blue Coat...
I'm assuming that Symantec makes money off of selling SSL certs which, again I'm assuming, they will make less of as Let's Encrypt begins to gain "conquest" domains over "greenfield" domains (those that did not and would not have held a cert without ACME and without being free). Of course, that assumes that a substantial number of paid-for SSL users switch to Let's Encrypt. Unless I'm misunderstanding, this may solve two problems for Symantec.<p>EDIT: I have no idea if LE's impact is of a "rising tide raises all boats" kind or a purely disruptive kind.
Of course they do. I've feeling they get corrupted and stepped on a path of quick making money with assigning covert certificates for various agencies/companies whose main initiative was to spy on users. In their case recovering trust is almost impossible.