Date: Mon, 12 Sep 2011 11:22:11 -0400
Subject: Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates
From: Christopher Morrow <morrowc.lists@gmail.com>
I think I need a method that the service operator can use to signal to my user-client outside the certificate itself that the certificate #1234 is the 'right' one.
A certificate that certifies the certificate is valid, maybe? And why would you trust that any more than the original certificate? And, if you do trust *that* certificate, what do you need the original one for? Seriously, about the only way I see to ameliorate this kind of problem is for people to use self-signed certificates that are then authenticated by _multiple_ 'trust anchors'. If the end-user world raises warnings for a certificate 'authenticated' by, say, less than five separate entities, then the compromise of any _single_ anchor is of pretty much 'no' value. Even better, let the user set the 'paranoia' level -- how many different 'trusted' authorities have to have authenticated the self-signed certificate before the user 'really trusts' it. Similarly, the certificate 'owner' can decide how much 'redundancy' it wants in the 'authentication' of its identity -- how many separate authorities it gets to 'co-sign' its certificate.
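The multi-anchor threshold idea from the message above, as an added example that is not part of the original post: a relying party counts how many distinct, still-trusted anchors have co-signed the fingerprint of a self-signed certificate and compares that count against the user's chosen paranoia level, so revoking one compromised anchor only lowers the count by one. The names (CoSignature, CountValidAnchors, Trusted, Scenario) are hypothetical, Ed25519 stands in for whatever signature scheme the anchors would actually use, and the certificate bytes are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// CoSignature is one trust anchor's signature over the fingerprint of a self-signed certificate.
type CoSignature struct {
	Anchor string // anchor name as the relying party knows it
	Sig    []byte
}

// CountValidAnchors returns how many distinct, still-trusted anchors have validly co-signed fp. One anchor
// signing twice counts once, and anchors the user has distrusted (a compromised CA) count for nothing.
func CountValidAnchors(fp []byte, sigs []CoSignature, anchors map[string]ed25519.PublicKey, distrusted map[string]bool) int {
	seen := map[string]bool{}
	for _, s := range sigs {
		pub, known := anchors[s.Anchor]
		if known && !distrusted[s.Anchor] && !seen[s.Anchor] && ed25519.Verify(pub, fp, s.Sig) {
			seen[s.Anchor] = true
		}
	}
	return len(seen)
}

// Trusted applies the user's "paranoia" level: at least threshold distinct anchors must vouch.
func Trusted(fp []byte, sigs []CoSignature, anchors map[string]ed25519.PublicKey, distrusted map[string]bool, threshold int) bool {
	return CountValidAnchors(fp, sigs, anchors, distrusted) >= threshold
}

func Scenario() ([]byte, []CoSignature, map[string]ed25519.PublicKey, map[string]bool) {
	fp := sha256.Sum256([]byte("constructed self-signed certificate DER")) // constructed stand-in for the real cert hash
	anchors := map[string]ed25519.PublicKey{}
	var sigs []CoSignature
	for _, name := range []string{"A", "B", "C", "D"} { // four anchors co-sign the fingerprint
		pub, priv, _ := ed25519.GenerateKey(rand.Reader)
		anchors[name] = pub
		sigs = append(sigs, CoSignature{name, ed25519.Sign(priv, fp[:])})
	}
	anchors["E"], _, _ = ed25519.GenerateKey(rand.Reader) // E is known but never vouched for this certificate
	return fp[:], sigs, anchors, map[string]bool{"D": true} // the user has dropped compromised anchor D
}

func main() {
	fp, sigs, anchors, distrusted := Scenario()
	fmt.Println("distinct co-signers:", CountValidAnchors(fp, sigs, anchors, distrusted), "accepted at paranoia 3:", Trusted(fp, sigs, anchors, distrusted, 3))
}
```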