Mozilla Requires CAs to Comply with Security Best Practices by Friday

Mozilla gave instructions on its help page to help users block the certificates

(WEB HOST INDUSTRY REVIEW) — Mozilla (www.mozilla.org) has given certificate authorities until September 16 to complete a list of security measures to ensure participants of its root program comply with security best practices.

The letter is in response to the DigiNotar attack that compromised 531 certificates and the email communication of about 300,000 Iranians. After Google detected the rogue certificate issued for Gmail, other browsers, including Mozilla, blocked the DigiNotar certificates.

According to a letter by Kathleen Wilson, module owner of Mozilla’s CA certificates module, certificate authorities must audit PKI and review systems to check for intrusion.

Certificate authorities are also required to send Mozilla a list of CA certificates from other roots in the program that they have cross-signed, according to the list.

Wilson also requests that certificate authorities confirm multi-factor authentication is required for all accounts capable of certificate issuance. In addition, CAs must confirm that automatic blocks are in place for high-profile domain names.

“Participation in Mozilla’s root program is at our sole discretion, and we will take whatever steps are necessary to keep our users safe,” Wilson writes. “Nevertheless, we believe that the best approach to safeguard that security is to work with CAs as partners, to foster open and frank communication, and to be diligent in looking for ways to improve.”

Wilson did not outline what would happen if the CAs do not meet the deadline.

On Monday, GlobalSign started to bring system components online after it stopped issuing certificates last Tuesday. The company says customers should be able to purchase certificates on Tuesday morning.

Nicole Henderson

About

Nicole Henderson writes full-time for the Web Host Industry Review where she covers daily news and features online, as well as in print. She has a bachelor of journalism from Ryerson University in Toronto, and has been writing for the WHIR since September 2010. You can find her on Twitter @NicoleHenderson.
