[SSL Observatory] Diginotar broken arrow as a tour-de-force of PKI fail
Jacob Appelbaum
jacob at appelbaum.net
Sun Sep 4 10:45:14 PDT 2011
On 09/04/2011 08:15 AM, Peter Gutmann wrote:
> [Sent to three lists from which input would be useful, please trim followups
> if you feel it's off-topic]
>
> I was reading through the various summaries of the Diginotar broken arrow
> yesterday and realised that it's a pretty comprehensive tour de force of every
> piece of PKI brokenness that people have been warning about for the past ten
> to fifteen years. Almost everything in it would have been entirely avoidable
> if PKI were less driven by religious dogma and more by good, solid security
> engineering. Here are some of the cases that spring to mind:
>
Hi Peter,
I've just disclosed a list of currently known sites, serials, CNs, etc.,
as sent to me by the Dutch Government.
Here's a blog post about it:
https://blog.torproject.org/blog/diginotar-damage-disclosure
Here are the files with more raw information:
https://svn.torproject.org/svn/projects/misc/diginotar/rogue-certs-2011-09-04.xlsx
https://svn.torproject.org/svn/projects/misc/diginotar/rogue-certs-2011-09-04.csv
All the best,
Jacob