Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

The Dutch government, which relies on the digital signatures issued by DigiNotar for its encrypted communications, has taken over the company’s certificate operations. In addition, it is investigating whether the focus on Iranian users could indicate that the nation’s government may have been involved in the attack.

The certificate system works, but needs increased focus on security, says Amar Doshi, a senior manager of certificate products with security firm Symantec, which acquired and now manages the certificate authority VeriSign.

“All the events of the last couple of weeks really go to show that ‘a cert is a cert is a cert’ doesn’t really apply,” Doshi says. “There are differences between certificates. There are differences between CAs.”

Some of the browser makers seem ready to focus on those differences. Last week, the Mozilla Foundation, the group that manages development of the Firefox browser, provided certificate authorities with a list of security checks to complete in eight days. It said that any authority that fails to comply with the request could find any certificates issued by them deemed untrustworthy by Mozilla.

“Participation in Mozilla’s root program is at our sole discretion, and we will take whatever steps are necessary to keep our users safe,” Kathleen Wilson, the program manager in charge of Mozilla’s CA Certificates Module, said in an e-mail to certificate authorities. 

3 comments. Share your thoughts »

Credit: Technology Review

Tagged: Web, security, Web, Internet crime

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me