Microsoft deems all DigiNotar certificates untrustworthy, releases updates
bonomi at mail.r-bonomi.com
Mon Sep 12 17:39:50 UTC 2011
> Date: Mon, 12 Sep 2011 11:22:11 -0400
> Subject: Re: Microsoft deems all DigiNotar certificates untrustworthy,
> releases updates
> From: Christopher Morrow <morrowc.lists at gmail.com>
> I think I need a method that the service operator can use to signal to my
> user-client outside the certificate itself that the certificate
> #1234 is the 'right' one.
A certificate that cdrtifies the crertificate is valid, maybe?
And why would you trust that any more than the origial certificate?
And, if you do trust *that* certificate, what do you need the original
Seriously, about the only way I see to ameliorate this kind of problem is
for people to use self-signed certificates that are then authenticated
by _multiple_ 'trust anchors'. If the end-user world raises warnings
for a certificate 'authenticated' by say, less than five separate entities.
then the compomise of any _single_ anchor is of pretty much 'no' value.
Even better, let the user set the 'paranoia' level -- how many different
'trusted' authorities have to have authenticated the self-signed certificate
before the user 'really trusts' it.
Similarly, the certificate 'owner' can decide how much 'redundancy' it
wants in the 'authentiation' of it's identity -- how many separate
authorities it gets to 'co-sign' it's certificate.
More information about the NANOG