More Firms Flee DigiNotar

Monday, September 12, 2011 @ 02:09 PM gHale


Adobe is walking away from DigiNotar’s Qualified CA certificate from the Adobe Approved Trust List (AATL), company officials said.

The move would affect Adobe Reader and Adobe Acrobats Versions 9 and X. After learning DigiNotar suffered a compromise in its digital certificates, software companies are breaking ties with the Dutch firm.

RELATED STORIES
Mozilla Asks if Other CAs are Safe
Hack Browsers Need Second Fix
Another Firm Yanks Digital Certificates
SSL Hacker will ‘Strike Back Again’

In a post on Adobe’s Product Security Incident Response Team (PSIRT) blog, the company provided certificates from the Approved Trust List manually. Those instructions are available on the PSIRT blog.

Software vendors including Microsoft, Google and The Mozilla Foundation moved to break trust with DigiNotar’s compromised certificate authorities almost immediately after word of a fraudulent certificate for Google.com issued by DigiNotar broke on August 27.

Both companies have taken additional steps since then to expand the reach of their bans as more information about the extent of the breach has been made public.

Specialty browser makers like Mozilla asked all of the CAs involved in the root program to conduct audits of their PKIs and verify that two-factor authentication and other safeguards are in place to protect against the issuance of rogue certificates.



Leave a Reply

You must be logged in to post a comment.