Hi, I've added a second blog post that I believe will be of interest to Tor users: https://blog.torproject.org/blog/diginotar-damage-disclosure
This is the list of CA roots that should probably never be trusted again:

DigiNotar Cyber CA
DigiNotar Extended Validation CA
DigiNotar Public CA 2025
DigiNotar Public CA - G2
Koninklijke Notariele Beroepsorganisatie CA
Stichting TTP Infos CA

The most egregious certs issued were for *.*.com and *.*.org while certificates for Windows Update and certificates for other hosts are of limited harm by comparison. The attackers also issued certificates in the names of other certificate authorities such as "VeriSign Root CA" and "Thawte Root CA" as we witnessed with ComodoGate, although we cannot determine whether they succeeded in creating any intermediate CA certs. That's really saying something about the amount of damage a single compromised CA might inflict with poor security practices and regular internet luck.

Additionally, I've uploaded the files that include as much information as is currently known: https://svn.torproject.org/svn/projects/misc/diginotar/

All the best,
Jacob
_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
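
Added example (not part of the message above and not the Tor Project's code): a small Python audit that reports any certificate in a trust store whose subject or issuer commonName is on the list in the message. Matching on commonName, and the helper names used here, are assumptions of this sketch; a name match marks a certificate for manual review and is not a substitute for removing the roots or updating the platform trust store.

```python
import ssl

# CA names copied from the list in the message above.
DISTRUSTED_CA_NAMES = (
    "DigiNotar Cyber CA",
    "DigiNotar Extended Validation CA",
    "DigiNotar Public CA 2025",
    "DigiNotar Public CA - G2",
    "Koninklijke Notariele Beroepsorganisatie CA",
    "Stichting TTP Infos CA",
)


def _common_names(rdn_sequence):
    """Return every commonName in an ssl-module name tuple."""
    return [value for rdn in rdn_sequence for key, value in rdn
            if key == "commonName"]


def _normalize(name):
    # Compare names case-insensitively and with whitespace runs collapsed.
    return " ".join(name.split()).casefold()


def find_distrusted(certs, names=DISTRUSTED_CA_NAMES):
    """Return (field, common_name, serial) for each listed name found.

    `certs` uses the dict layout returned by ssl.SSLContext.get_ca_certs().
    Both subject and issuer are checked (assumption of this example), so a
    certificate chained to a listed CA is reported as well as the CA itself.
    """
    wanted = {_normalize(n) for n in names}
    hits = []
    for cert in certs:
        for field in ("subject", "issuer"):
            for cn in _common_names(cert.get(field, ())):
                if _normalize(cn) in wanted:
                    hits.append((field, cn, cert.get("serialNumber", "?")))
    return hits


def audit_trust_store(cafile=None):
    """Audit a PEM bundle, or the platform default store when cafile is None."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if cafile:
        ctx.load_verify_locations(cafile=cafile)
    else:
        ctx.load_default_certs()
    return find_distrusted(ctx.get_ca_certs())


if __name__ == "__main__":
    for field, cn, serial in audit_trust_store():
        print(f"distrusted CA name in {field}: {cn} (serial {serial})")
```

On systems that keep roots in a hashed directory rather than a single bundle, `get_ca_certs()` does not list them until they are used, so pass the bundle file path explicitly there.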