Dutch Government Revokes Diginotar Certificates

An anonymous reader writes "After previously claiming that the Iranian hack of CA Diginotar did not compromise certificates of the Dutch government, it has now been decided that there is too much risk and the certificates will have to be revoked after all (original Dutch text). Since the Dutch government has been using only Diginotar-supplied certificates, this will leave all government websites with invalid certificates while a new supplier is being searched for. The minister of internal affairs recommends people not to use the websites if a warning about an invalid certificate appears." Related: Reader TheAppalasian links to Johnathan Nightingale of Mozilla Engineering explaining in clear terms why DigiNotar should no longer be trusted.

Overview

[Anonymous Coward]

If you haven't been following this story, Gerv (one of the Mozilla people directly dealing with this) has a good overview post with something of a timeline [gerv.net], hitting all the salient points about just how much DigiNotar has fucked up.

Re:Untrust Diginotar

[iceperson]

Yeah, it's super hard in windows...
http://www.microsoft.com/technet/security/advisory/2607712.mspx [microsoft.com]
All supported editions of Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 use the Microsoft Certificate Trust List to validate the trust of a certificate authority. There is no action required for users of these operating systems because Microsoft has removed the DigiNotar root certificate from the Microsoft Certificate Trust List.

I don't have an XP box here to look at, but I'm pretty sure you can get to the Trusted Root Cert Authorities by going IE >Internet Options > Content > Certificates > Trusted Root Cert Authorities, doubleclick DigiNotar and uncheck all.