Dutch notary, Dick Batenburg, established DigiNotar in 1998 and it was subsequently sold to VASCO Data Security International on January 10, 2011. At the time, Jan Valcke, VASCO’s president, was quoted to have said that “We believe that DigiNotar’s certificates are among the most reliable in the field. However, it took only 9 months after his statement for DigiNotar to be faced with severe perils. From our previous post which listed the series of events since DigiNotar first noticed the breach on its system, you will know that there is a growing level of concern amongst users of this or related systems. Well, lets not hit on the harm that has been done but profer a solution.
Whats the way forward
Initially, DigiNotar made a statement that all its intermediate certificates are safe but this has turned out to be false. With this recent development, blacklisting only the DigiNotar root certificate does not take care of the imminent threat. The cross-signed intermediaries which ultimately depends on the DigiNotar root certificate need to be blacklisted too. All DigiNotar intermediates and root certificate have been blacklisted. See patches below
For Qt versions 4.7.3 and 4.7.4:
Comodo fraudulent certificates have been blacklisted and the patch used for blacklisting has been applied to earlier versions. (see the blog post on the Comodo attack):blacklist-diginotar-certs.diff
For Qt versions 4.7.0, 4.7.1 and 4.7.2:
A fix for this problem has been incorporated in all upcoming versions including 4.8 and 5. (see e.g. the Qt 5 commit, the commits in the 4.7 and 4.8 repositories are not public yet). blacklist-diginotar-and-comodo-certs.diff
Source Qt Labs Developer Blogs
