The DigiNor Story–So Far
I just read an article on SANS: DigiNotar breach - the story so far. To be clear: This is not a Microsoft analysis nor any official statement from us. What we have to say is in the advisory: Microsoft Security Advisory (2607712) - Fraudulent Digital Certificates Could Allow Spoofing. It just gives an interesting overview of what happens.
What strikes me is the following fact: In the digital world a 99.9% security that a certificate can be trusted seems not to be enough – we need 100%. If we look at the physical world, we are completely different. I have a Swiss passport, which is highly regarded as a trusted document everywhere I traveled so far. It is well-known that it is an interesting target as well to create fake Swiss passports because it is well-trusted. We all know that a certain amount of passports are faked out there but we still trust them without even thinking twice (except if you work at immigration) for banking, health, whatever. I still try to understand, where the difference comes from. Why is this the case?
Roger
Comments
Anonymous
January 01, 2003
The comment has been removedAnonymous
September 02, 2011
Are you seriously complaining that what happened is acceptable? It seems you're missing the importance of SSL to the web...Anonymous
September 02, 2011
@anon think you missed the point.