Microsoft deems all DigiNotar certificates untrustworthy, releases updates

Robert Bonomi bonomi at mail.r-bonomi.com
Mon Sep 12 17:39:50 UTC 2011


> Date: Mon, 12 Sep 2011 11:22:11 -0400
> Subject: Re: Microsoft deems all DigiNotar certificates untrustworthy,
>  releases updates
> From: Christopher Morrow <morrowc.lists at gmail.com>
>
> I think I need a method that the service operator can use to signal to my 
> user-client outside the certificate itself that the certificate
> #1234 is the 'right' one.

A certificate that certifies the certificate is valid, maybe?

And why would you trust that any more than the original certificate?

And, if you do trust *that* certificate, what do you need the original
one for?


Seriously, about the only way I see to ameliorate this kind of problem is
for people to use self-signed certificates that are then authenticated
by _multiple_ 'trust anchors'.  If the end-user world raises warnings
for a certificate 'authenticated' by, say, less than five separate entities,
then the compromise of any _single_ anchor is of pretty much 'no' value.
Even better, let the user set the 'paranoia' level -- how many different
'trusted' authorities have to have authenticated the self-signed certificate
before the user 'really trusts' it.

Similarly, the certificate 'owner' can decide how much 'redundancy' it
wants in the 'authentication' of its identity -- how many separate
authorities it gets to 'co-sign' its certificate.
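
Added example, not part of the original message: a client-side check for the scheme described above, where a self-signed certificate is trusted only when at least a user-chosen number of distinct trust anchors have co-signed it. The anchor names, keys and certificate bytes are constructed, and HMAC-SHA256 stands in for each anchor's public-key signature so the sketch runs with the standard library alone.

```python
import hashlib
import hmac

# Constructed sample data: each trust anchor is modelled by a secret key.
# Assumption: HMAC-SHA256 stands in for the anchor's public-key signature;
# a real client would verify each endorsement against the anchor's public key.
ANCHOR_KEYS = {f"anchor-{i}": f"constructed-key-{i}".encode() for i in range(1, 7)}


def fingerprint(cert_der: bytes) -> bytes:
    """SHA-256 fingerprint of the self-signed certificate being vouched for."""
    return hashlib.sha256(cert_der).digest()


def endorse(anchor: str, cert_der: bytes, key: bytes) -> tuple:
    """Anchor side: co-sign the certificate fingerprint."""
    return (anchor, hmac.new(key, fingerprint(cert_der), hashlib.sha256).digest())


def count_valid_anchors(cert_der: bytes, endorsements, trusted: dict) -> int:
    """Count distinct trusted anchors holding a valid endorsement of cert_der."""
    fp = fingerprint(cert_der)
    valid = set()
    for anchor, tag in endorsements:
        key = trusted.get(anchor)
        if key is None:
            continue  # endorsement from an anchor the user does not trust
        expected = hmac.new(key, fp, hashlib.sha256).digest()
        if hmac.compare_digest(expected, tag):
            valid.add(anchor)  # a set, so repeats from one anchor count once
    return len(valid)


def evaluate(cert_der, endorsements, trusted, paranoia=5) -> str:
    """Client policy: 'trust' at or above the user's threshold, else 'warn'."""
    n = count_valid_anchors(cert_der, endorsements, trusted)
    return "trust" if n >= paranoia else "warn"


# Constructed certificates (placeholder bytes, not real DER).
REAL_CERT = b"constructed self-signed cert for www.example.org"
ROGUE_CERT = b"constructed rogue cert for www.example.org"

# The owner has five anchors co-sign its certificate. A single compromised
# anchor endorses the rogue certificate, repeated four times.
REAL_ENDORSEMENTS = [endorse(a, REAL_CERT, ANCHOR_KEYS[a]) for a in list(ANCHOR_KEYS)[:5]]
ROGUE_ENDORSEMENTS = [endorse("anchor-3", ROGUE_CERT, ANCHOR_KEYS["anchor-3"])] * 4
```

Endorsements are counted per distinct anchor, so the four repeated endorsements from the one compromised anchor still count as one and the rogue certificate stays below the threshold.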





