September 23, 2014

Once Bitten, Twice Shy – Mozilla Tell CAs to Audit Their Systems

(LiveHacking.Com) – Mozilla has sent a message to all the certificate authorities that participate in the Mozilla root certificate program. It has requested that all participating CAs complete an audit of their PKI systems by September 16, 2011.

This call to review and confirm the integrity of their certificate systems comes after Mozilla removed the DigiNotar root certificate in response to DigiNotar’s failure to promptly detect, contain, and notify Mozilla of a security breach regarding its root and subordinate certificates.

As part of the audit, Mozilla are asking each CA to confirm that it has automatic blocks in place for high-profile domain names (including those targeted in the DigiNotar and Comodo attacks this year). Each CA must also confirm its process for manually verifying such requests when they are blocked.
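A sketch of what such an automatic block can look like at the point where a certificate request is accepted. This is an added example, not code from Mozilla or any CA; the protected list, function names and return values are constructed placeholders.

```python
# Pre-issuance screen: requests touching a protected name go to manual review.
# HIGH_PROFILE is a constructed placeholder list (assumption), not real data.
HIGH_PROFILE = {"example.com", "login.example.org"}

def normalize(name):
    """Lower-case, drop the trailing dot, convert IDN labels to A-labels."""
    name = name.strip().rstrip(".").lower()
    labels = []
    for label in name.split("."):
        # Keep the wildcard label as-is; the idna codec raises UnicodeError
        # on labels that are too long or otherwise invalid.
        labels.append(label if label == "*" else label.encode("idna").decode("ascii"))
    return ".".join(labels)

def covers(requested, protected):
    """True if a certificate for `requested` would be valid for `protected`
    or for a host beneath it. Matching is on label boundaries only."""
    if requested.startswith("*."):
        base = requested[2:]
        # Conservative: a wildcard is flagged if any protected host sits under it.
        if protected.endswith("." + base):
            return True
        requested = base
    return requested == protected or requested.endswith("." + protected)

def screen_request(names):
    """Return ("manual_review", hits) or ("auto", []) for the requested names."""
    hits = []
    for raw in names:
        try:
            name = normalize(raw)
        except UnicodeError:
            # A name that cannot be normalized is never issued automatically.
            hits.append((raw, "unparseable"))
            continue
        for protected in sorted(HIGH_PROFILE):
            if covers(name, protected):
                hits.append((raw, protected))
    return ("manual_review" if hits else "auto", hits)

if __name__ == "__main__":
    for req in (["shop.example.net"], ["MAIL.Example.COM."], ["*.example.org"]):
        print(req, "->", screen_request(req))
```

The screen fails closed: a name that cannot be parsed is held for the manual verification step rather than issued automatically.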

Mozilla have also reminded the CAs that participation in Mozilla’s root program is at its sole discretion, which is code for: comply or we will kick you out. However, the message does change its tone a little by underlining Mozilla’s commitment to working with CAs as partners, “to foster open and frank communication, and to be diligent in looking for ways to improve.”
