The fate of Qt users after DigiNotar security breach - The way forward

Efe Udin
Sep 10, 2011

Dutch notary, Dick Batenburg, established DigiNotar in 1998 and it was subsequently sold to VASCO Data Security International on January 10, 2011. At the time, Jan Valcke, VASCO's president, was quoted to have said that "We believe that DigiNotar's certificates are among the most reliable in the field. However, it took only 9 months after his statement for DigiNotar to be faced with severe perils. From our previous post which listed the series of events since DigiNotar first noticed the breach on its system, you will know that there is a growing level of concern amongst users of this or related systems. Well, lets not hit on the harm that has been done but profer a solution.

Whats the way forward

Initially, DigiNotar made a statement that all its intermediate certificates are safe but this has turned out to be false. With this recent development, blacklisting only the DigiNotar root certificate does not take care of the imminent threat. The cross-signed intermediaries which ultimately depends on the DigiNotar root certificate need to be blacklisted too. All DigiNotar intermediates and root certificate have been blacklisted. See patches below

For Qt versions 4.7.3 and 4.7.4:

Comodo fraudulent certificates have been blacklisted and the patch used for blacklisting has been applied to earlier versions. (see the blog post on the Comodo attack):blacklist-diginotar-certs.diff

For Qt versions 4.7.0, 4.7.1 and 4.7.2:

A fix for this problem has been incorporated in all upcoming versions including 4.8 and 5. (see e.g. the Qt 5 commit, the commits in the 4.7 and 4.8 repositories are not public yet). blacklist-diginotar-and-comodo-certs.diff


Source Qt Labs Developer Blogs

Leave a Reply

Your email address will not be published.


About us

IoT Gadgets is dedicated to bring you all the Internet of Things IoT news that pertains to gadgets. Simple. We love for you to join us on this journey.

Contact us: [email protected]


linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram