[nsp-sec] Google Certificate Problems?

CERT-UT - Peter p.g.m.peters at utwente.nl
Tue Aug 30 06:49:56 EDT 2011


Nick Hilliard wrote on 30-08-2011 11:34:
> ----------- nsp-security Confidential --------
> 
> On 30/08/2011 09:22, Florian Weimer wrote:
>> AFAICT, Mozilla has yet to roll out the update.  It would be a
>> surprising move and could have unpredictable consequences, so maybe
>> they're reconsidering.
> 
> That may cause a lot of trouble in NL.  The Dutch government DigiD.nl
> system is chained from Diginotar, so wiping the CA from the Mozilla cert is
> not without consequences.

Wiping the Diginotar CA might not be the problem. The CA for digid.nl is
"Staat der Nederlanden".

The problem is how deep the compromise of Diginotar is. Did the
attackers get so deep they could also sign certificates from other CAs
Diginotar supplies? Or was it just the Diginotar CA that is affected? If
not, they have to wipe all CAs Diginotar has access to.

-- 
Peter Peters
CERT-UT Officer off Duty
cert at utwente.nl               http://www.utwente.nl/itsecurity
office-hours: +31 53 489 2301
