Talk:DigiNotar
This article is rated B-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||||||||||||||||
|
Mozilla and DigiNotar
[edit]It currently reads:
- Because these certificates were initially thought not to be compromised by the security breach, they were, at the request of the Dutch authorities, kept exempt from the removal of trust.[20][16] However, this assessment was rescinded after an audit by the Dutch government, and also the "Staat der Nederlanden" certificates were revoked.[16] The PKIoverheid certificates issued by DigiNotar were blacklisted by Mozilla in the next security update.[21] The Dutch government announced on September 3, 2011, that they will switch to a different firm as certificate authority.[22]
There seem to be some misunderstandings here. In Firefox 3.6.21 and 6.0.1 (and SeaMonkey 2.3.2 and two Thunderbird versions), Mozilla revoked DigiNotar's root certificate. The plan was to keep the Dutch government certificates, but the people at Mozilla made a mistake: they needed to allow two different certificates, but they accidentally only allowed one of them. There was a plan to make a quick update to Firefox, Thunderbird and SeaMonkey allowing both Dutch governmental certificates, but because of changes in the events, Mozilla later decided that both of the certificates were to be blocked. The part "were blacklisted [...] in the next security update" is not accurate as an update blocking both Dutch governmental has yet to be released (so the past tense is not accurate). On the other hand, the release is planned for tomorrow, so the statement will be almost correct tomorrow.
The current wording suggests that all Dutch governmental certificates were removed in the same security update. This is not correct because of the mistake in Fx 3.6.21 et al. I'll do a slight rewording to avoid that implication and adjust it into something which will be correct tomorrow. A good source for all information I've written here is the relevant Bugzilla page. (Stefan2 (talk) 14:37, 5 September 2011 (UTC))
"most reliable in the field" quote
[edit]From the article:
In a VASCO press release dated June 20, 2011, one day after DigiNotar detected a security breach,[1] VASCO's president and COO Jan Valcke is quoted as stating "We believe that DigiNotar's certificates are among the most reliable in the field."[2]
All of the sources say that VASCO claimed July 19th was the date the security incident was detected. I can't find anything backing up June 19th, so I removed the highlighted text. The source that was removed along with this is valid and should be worked into the article. strcat (talk) 03:30, 6 September 2011 (UTC)
- Source: [1] (Vasco news release). The news release is dated 2011-08-30, but the report claims that the security incident was discovered on 2011-07-19: "On July 19th 2011, DigiNotar detected an intrusion into its Certificate Authority (CA) infrastructure, which resulted in the fraudulent issuance of public key certificate requests for a number of domains, including Google.com." (Stefan2 (talk) 13:58, 6 September 2011 (UTC))
- Oh, June. That's probably just a typo for July.
- Originally I had put in that line June 20, 2011, thus before the security breach was detected, VASCO's president and this was later replaced by the above yellow version. As imho the mentioning of the fact that this statement was before Vasco was aware of any problems I'll put that comment back in. Tonkie (talk) 22:50, 6 September 2011 (UTC)
- Source: [1] (Vasco news release). The news release is dated 2011-08-30, but the report claims that the security incident was discovered on 2011-07-19: "On July 19th 2011, DigiNotar detected an intrusion into its Certificate Authority (CA) infrastructure, which resulted in the fraudulent issuance of public key certificate requests for a number of domains, including Google.com." (Stefan2 (talk) 13:58, 6 September 2011 (UTC))
- Reading the full report of FOX-IT learned that already on 19 JUNE (with a N), DigiNotar became aware of the first intrusion/beaches: see the FOX IT Interim report on Diginotar website, Timeline, page 13. So the earlier mentioned comments that the breach were detected in July 2011 were also incorrect statements of DigiNotar. WTF can still trust these boys that found there base in the civil law notarie world....??!! Tonkie (talk) 02:10, 7 September 2011 (UTC)
- Nice work! It appears that they just lied about the date... strcat (talk) 03:27, 7 September 2011 (UTC)
- Reading the full report of FOX-IT learned that already on 19 JUNE (with a N), DigiNotar became aware of the first intrusion/beaches: see the FOX IT Interim report on Diginotar website, Timeline, page 13. So the earlier mentioned comments that the breach were detected in July 2011 were also incorrect statements of DigiNotar. WTF can still trust these boys that found there base in the civil law notarie world....??!! Tonkie (talk) 02:10, 7 September 2011 (UTC)
Can someone clear this up in the article text, then? At the moment, if just reading the article as currently written, it looks like there's a mistake in the article about the dates.--Pelago (talk) 14:03, 28 November 2011 (UTC)
References
- ^ FOX-IT Interim Report on DigiNotar security incident, visited 5 September, 2011
- ^ "VASCO Tackles Global SSL-Certificate Market". MarketWatch. 20 June 2011.
Ownership of PinkRoccade
[edit]The Article states that GetronicsPinkRoccade is owned by KPN. In fact, Getronics and PinkRoccade were split up by KPn and PinkRoccade was sold to TSS about a year ago. I don't see how this is relevant though, so maybe ownership and subsidiaryship of a company like PinkRoccade should not be mentioned in the article. So I'll leave editing to more experienced editors. — Preceding unsigned comment added by 85.90.69.164 (talk) 11:40, 8 September 2011 (UTC)
Steps taken by the dutch government contradiction.
[edit]After the removal of trust in DigiNotar, there are now four Certification Service Providers (CSP) that can issue certificates under the PKIoverheid hierarchy:[40]
Digidentity [41]
ESG or de Electronische Signatuur[42]
QuoVadis[43]
Getronics Pink Roccade
All three companies have opened special help desks and/or published information on their websites as to how organisations that have a PKIOverheid certificate from DigiNotar can request a new certificate from one of the remaining three providers.[42][43][44]
First it says there are four CSPs, and then it says all three companies. I'm not sure which it is. Does anybody know? 65.128.173.206 (talk) 02:12, 4 December 2012 (UTC)
NSA
[edit]I left the discussion of possible NSA involvement (or at least taking advantage after the fact) in for now. However, the evidence doesn't seem that strong, and there are contrary interpretations (e.g. Rouwhorst's view, which I added). It might be undue weight to keep it in based on just the one sentence in Schneier's post. Superm401 - Talk 00:19, 20 November 2013 (UTC)
External links modified
[edit]Hello fellow Wikipedians,
I have just modified 7 external links on DigiNotar. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
- Added archive https://web.archive.org/web/20110917092647/http://www.vasco.com/company/press_room/news_archive/2011/acquisition_diginotar.aspx to http://www.vasco.com/company/press_room/news_archive/2011/acquisition_diginotar.aspx
- Added archive https://web.archive.org/web/20110831163718/http://www.diginotar.nl/OverDigiNotar/TTPnotarissen/tabid/318/Default.aspx to http://www.diginotar.nl/OverDigiNotar/TTPnotarissen/tabid/318/Default.aspx
- Added archive https://web.archive.org/web/20110831143034/http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx to http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx
- Added
{{dead link}}
tag to https://applicaties.digid.nl/aanvragen - Added archive https://web.archive.org/web/20120712050404/https://www.digidentity.eu/static/nl/digidentity-ssl/pkioverheid-ssl.html to https://www.digidentity.eu/static/nl/digidentity-ssl/pkioverheid-ssl.html
- Added archive https://web.archive.org/web/20111010072527/http://www.de-electronische-signatuur.nl/web/nl/certificaten/pkioverheid-certificaten/pkioverheid-services-certificaten to http://www.de-electronische-signatuur.nl/web/nl/certificaten/pkioverheid-certificaten/pkioverheid-services-certificaten
- Added archive https://archive.is/20111010022710/http://www.pki.getronics.nl/website/133/ to http://www.pki.getronics.nl/website/133/
- Added archive https://web.archive.org/web/20110831143034/http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx to http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}}
(last update: 5 June 2024).
- If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
- If you found an error with any archives or the URLs themselves, you can fix them with this tool.
Cheers.—InternetArchiveBot (Report bug) 14:57, 10 September 2017 (UTC)