The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Was DigiNotar's PKIoverheid CA breached too?

Kaspersky Lab Expert
Posted September 01, 22:04  GMT
Tags: Public key infrastructure, Certificate authorities

Earlier this week DigiNotar said another audit would be performed and the results of this audit would be made public.

One of the big questions is whether the government CA branch - called DigiNotar PKIoverheid - has also been compromised.

In seeming preparation of these results, the Dutch government has sent out an email to users who've been issued a certificate via the DigiNotar PKIoverheid CA. All these companies/services are tied to the government or public services. Pending the results of this audit the Dutch government is asking PKIoverheid certificate owners to do the following:

- List the PKIoverheid certificates in the organisation.

- List the processes for which these certificates are being used.

- List the consequences in case the PKIoverheid certificates can no longer be trusted.

I think it would be wise at this point for the affected browser makers to start preparing an update which will also blacklist DigiNotar's PKIoverheid CA. Pending the outcome of the audit, of course.

A lot of Dutch government sites and services are going to be affected by the revocation. Clean up is going to be painful.

The Dutch government has used DigiNotar as an intermediary CA in quite a lot of cases. The Dutch government actually has a root CA of their own. It could be leveraged to quickly produce new certificates for affected services.

I hope it's truly clear now that the Dutch government needs to distance itself from DigiNotar.

Previous blog entries on this matter: More on DigiNotar and The bigger issue with the rogue Google SSL cert


If you would like to comment on this article you must first

Bookmark and Share