Stewart Mitchell reports:
European authorities plan to clamp down on certificate authorities, demanding security signing organisations speak up if hit by hackers.
Certificate authorities – either private or government backed – issue digital certificates that verify web pages and code, and are a key component of the web running smoothly and securely.
But as last year’s DigiNotar debacle highlighted, there is little regulation of this critical area – and if a CA is hacked, the fallout can be severe.
“There is no comprehensive EU cross-border and cross-sector framework for secure, trustworthy and easy-to-use electronic transactions that encompasses electronic identification, authentication and signatures,” officials warned in a document proposing regulation of the arena.
Read more on PC Pro.
Not surprisingly, I endorse mandatory notification, but think it needs to be for everyone and not just CAs.