GlobalSign stops issuing certificates, investigates breach claim

Whether the claim made by the “Comodohacker” that he has compromised four other CAs besides DigiNotar is true or not, GlobalSign – the only one of those CAs that he has named – has decided to suspend the issuing of certificates for the time being.

“GlobalSign takes this claim very seriously and is currently investigating,” says the short press release. “As a responsible CA, we have decided to temporarily cease issuance of all Certificates until the investigation is complete. We will post updates as frequently as possible. We apologize for any inconvenience.”

This is a praiseworthy step by one of the largest certificate issuers in the world, which seems to have learned a thing or two from DigiNotar’s unfortunate example. I hope that other CAs across the globe have already begun auditing their own systems for signs of a breach – just in case.

In the meantime, the new Firefox version removed trust exceptions for all certificates issued by the Dutch government CA (Staat der Nederlanden) and therefore offers additional protection against fraudulent DigiNotar certificates.

Microsoft has also announced that it now deems all DigiNotar certificates to be untrustworthy and has moved them to the Untrusted Certificate Store.

As Andrew Storms, Director of Security Operations for nCircle, commented: “It’s game over for DigiNotar. Very soon they will officially no longer be a valid entity to issue certificates.”

