Most other browser makers have proceeded in doing the same

Sep 5, 2011 12:20 GMT  ·  By

In the aftermath of Certificate Authority DigiNotar's breach, most browser makers have provided updates, where needed, to revoke trust for all of the certificates issued by the company, as well as other CAs operated by it.

The latest Google Chrome update for the stable channel includes this change alone. Mozilla has also revoked the root certificate from most of its products and will eventually do it for all.

"The Stable channel has been updated to 13.0.782.220 for Windows, Mac, Linux, and Chrome Frame," Google's Anthony Laforge wrote.

"We're revoking trust for SSL certificates issued by DigiNotar-controlled intermediate CAs used by the Dutch PKIoverheid program," he explained.

Removing a root CA is quite a big move, affecting a lot of websites, but Microsoft, Google and Mozilla believe that aggravating factors, like the lack of proper disclosure and communication, mean that they can't risk trusting DigiNotar anymore.

DigiNotar also ran several other CAs, all of which have been removed in the latest Google Chrome update.

Along with the latest update to Google Chrome, Mozilla has issued updates for all of its Firefox branches, mobile and desktop, as well as for Thunderbird.

Microsoft also removed DigiNotar across all of its products. Opera has a different system for verifying certificates and did not need to issue an update to protect users from forged certificates.

That said, the system only works if the CA issues a revocation for the domains that have been affected. Undiscovered forged certificates will not be detected. However, Opera hasn't said anything about removing the root CA, like the other browser makers have done.

Mozilla, on the other hand, had strong words to say about DigiNotar and how it handled the whole situation. The browser maker believes that the lack of transparency and communication along with the fact that some of the forged certificates were being used in the wild is enough for it to remove DigiNotar permanently from the list of trusted CAs.