This doesn't restore my faith in the CA architecture behind SSL (by this point, I'm not sure anything can), because there isn't a doubt on my mind that it could only happen to a small CA like Diginotar. Considering that about 86% of the market is shared between the top 3 CAs and 91% by the top 5[1], that's really not worth that much. On the bright side, at least we now know that the rest, between 14% and 9%, are being held accountable. Baby steps.
Put another way: DigiNotar is going to do a bit of PR-focused restructuring. At the end of the day, the same people will be in charge and they'll still use the same technology.
6 comments
[ 2.6 ms ] story [ 39.4 ms ] thread_____
[1] https://ssl.netcraft.com/ssl-sample-report/CMatch/certs