In the latest installment of this seemingly never-ending saga, a Dutch court in Haarlem (NL) declared DigiNotar bankrupt. Read more:
The CA business is all about selling trust. After all, a CA is supposed to be a trusted third party. Let's hope all the remaining ones get the right message: it's not about not getting caught being hacked. On the contrary: it's about doing the right thing once you have been hacked. Let's hope it leads to more transparency and public scrutiny of the CAs we trust explicitly or implicitly through the choice of some of our vendors.
Swa, 760 Posts, Sep 20th 2011
Sep 20th 2011
I'm surprised they are bankrupt - but only because others in their situation haven't gone bankrupt. When Verisign gave out 2 certs for Microsoft to someone who walked in off the street in 2001, I figured Verisign would go out of business since all they were selling was trust, and they had a complete failure of their business. I thought - how could anyone ever trust them again - they only do one thing and they've proven they can't do that right. Instead, they issued a quick "I'm sorry" and then went about business as usual. So I'm surprised that Diginotar is bankrupt because other CAs have totally screwed up and survived just fine.
Anonymous
Sep 20th 2011
So, what gives a good indicator that the parent company, VASCO, can be trusted? Given my experience with the corporate world, what's happening at a subsidiary can often be a good indicator of the business practices of the parent. Justify us trusting the parent company on this one.
Anonymous
Sep 20th 2011
I'm pretty sure that if you were a car salesman in a similar situation (you can sell cars but those cars cannot be used on public roadways) you'd go bankrupt as well. No one will buy a certificate if the major OSes and browsers all do not recognize them as a trusted source.
Anonymous
Sep 20th 2011
Three words: Internet death penalty
Anonymous
Sep 21st 2011
This would appear to be an example of the worst-case impact that we've avoided in our risk assessments, now realized: Your business will be critically (fatally) damaged due to insufficient security and a resultant breach.
What gets me is that for many years in the last decade, FUD was frowned upon. Now, thanks to polymorphic malware, advanced threats, and highly organized malefactors, FUD is what's being sold (and bought), even from many of the most credible sources in this field.
Anonymous
Sep 22nd 2011