Slashdot Mirror


Certificate Blunders May Mean the End For DigiNotar

Certificate Authority DigiNotar is having a rough time of it. dinscott writes with these words from Help Net Security: "After having its SSL and EVSSL certificates deemed untrustworthy by the most popular browsers, around 4200 qualified certificates — i.e. certificates used to create digital signatures — issued by the CA are currently in the process of being revoked and their holders notified of the fact by the Dutch independent post and telecommunication authority (OPTA). Starting from yesterday, OPTA has terminated the accreditation of DigiNotar as a certificate provider for 'qualified' certificates. The revocation of this accreditation also makes DigiNotar unqualified to issue certificates under the PKIoverheid CA."

4 of 128 comments

  1. The Price Of Trust by Wiz-Hum-Mal-Cha · Score: 5, Insightful

    If getting compromised and issuing bad certificates *didn't* cost you your position of trust, then what credibility would the certification process have anyway?

  2. And good riddance to them... by SigILL · Score: 5, Insightful

    If you won't properly separate your security-critical systems from your Internet-facing systems, or cannot even keep them from being rooted multiple times, you have no business being a CA.

    Honestly, it's understandable DigiNotar didn't want this information out: bankruptcy is inevitable now, and that's bad for shareholder value.

    --
    Error: password can't contain reverse spelling of ancient Chinese emperor
    1. Re:And good riddance to them... by maxume · Score: 4, Informative

      The Dutch government took over operation of the company more than a week ago. It is basically already defunct.

      http://www.govcert.nl/english/service-provision/knowledge-and-publications/factsheets/factsheet-fraudulently-issued-security-certificate-discovered.html

      --
      Nerd rage is the funniest rage.
  3. Already dead by plsuh · Score: 4, Interesting

    This is just going through the motions. DigiNotar has been dead since August 30, when Google, Mozilla, and Microsoft all revoked trust in their certificates. Anyone with at least two brain cells (which seems to exclude a large number of managers, unfortunately) could see the writing on the wall. No one would ever buy a new DigiNotar certificate, since it would always pop up a scary warning to the user in a web browser. Why bother with buying a certificate from DigiNotar and dealing with the resulting end-user support issues, when you can buy from someone else and not have to deal with the problem?

    More interesting to me is what will happen to DigiNotar's corporate parent, Vasco Data Security? The purchase of DigiNotar is relatively recent (January 10, 2011), so it's not clear how much influence Vasco's management had over DigiNotar's operations. At the very least, Vasco is going to need to pay for an audit of its own systems to reassure its direct customers.

    --Paul