[tor-talk] Dutch CA actually issued a lot more than *.torproject.org



Hi,

I've added a second blog post that I believe will be of interest to Tor
users:
https://blog.torproject.org/blog/diginotar-damage-disclosure


This is the list of CA roots that should probably never be trusted again:

DigiNotar Cyber CA
DigiNotar Extended Validation CA
DigiNotar Public CA 2025
DigiNotar Public CA - G2
Koninklijke Notariele Beroepsorganisatie CA
Stichting TTP Infos CA

The most egregious certs issued were for *.*.com and *.*.org while
certificates for Windows Update and certificates for other hosts are of
limited harm by comparison. The attackers also issued certificates in
the names of other certificate authorities such as "VeriSign Root CA"
and "Thawte Root CA" as we witnessed with ComodoGate, although we cannot
determine whether they succeeded in creating any intermediate CA certs.
That's really saying something about the amount of damage a single
compromised CA might inflict with poor security practices and regular
internet luck.

Additionally, I've uploaded the files that include as much information
as is currently known:
https://svn.torproject.org/svn/projects/misc/diginotar/

All the best,
Jacob
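
An added example, not part of the original message or of the files it links to: a check of a trust store for the CA names listed above. It assumes matching on the certificate commonName is sufficient; the function names `find_distrusted` and `audit_default_store` are hypothetical, and the input format is the one returned by Python's `ssl.SSLContext.get_ca_certs()`.

```python
import ssl
import unicodedata

# CA names exactly as listed in the message above.
DISTRUSTED_CA_NAMES = [
    "DigiNotar Cyber CA",
    "DigiNotar Extended Validation CA",
    "DigiNotar Public CA 2025",
    "DigiNotar Public CA - G2",
    "Koninklijke Notariele Beroepsorganisatie CA",
    "Stichting TTP Infos CA",
]

def _norm(name):
    """Casefold, drop diacritics and collapse whitespace before comparing."""
    decomposed = unicodedata.normalize("NFKD", name)
    plain = "".join(c for c in decomposed if not unicodedata.combining(c))
    return " ".join(plain.casefold().split())

_DISTRUSTED = {_norm(n): n for n in DISTRUSTED_CA_NAMES}

def find_distrusted(ca_certs):
    """Return one entry per certificate whose subject or issuer commonName
    is on the list. ca_certs uses the get_ca_certs() dict format."""
    hits = []
    for cert in ca_certs:
        matched = {}
        for field in ("subject", "issuer"):
            for rdn in cert.get(field, ()):
                for key, value in rdn:
                    if key == "commonName" and _norm(value) in _DISTRUSTED:
                        matched[field] = _DISTRUSTED[_norm(value)]
        if matched:
            hits.append({"matched": matched,
                         "serial": cert.get("serialNumber"),
                         "not_after": cert.get("notAfter")})
    return hits

def audit_default_store():
    """Check the CA certificates loaded into the platform default context.
    Certificates in a capath directory are not listed until they are used."""
    ctx = ssl.create_default_context()
    return find_distrusted(ctx.get_ca_certs())

if __name__ == "__main__":
    for hit in audit_default_store():
        print("listed CA present:", hit)
```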