DigiNotar First Step: Disabling the Root
By Yngve Nysæter Pettersen (yngve). Tuesday, September 6, 2011 7:45:29 PM
There is a first time for many things. Sometimes this is positive, but other times it is unfortunate. This time, we're dealing with one of the latter variety.
Today, we have updated the Opera Rootstore and disabled the DigiNotar Root (Note: DigiNotar is not in any way associated with DigiCert, which is another CA).
The reason for this action is last week's news about the large-scale attack on DigiNotar's CA systems and the subsequent discoveries about what happened after the attack.
This is the first step in our handling of this incident. We are currently testing further updates that will add the DigiNotar Root to our "Untrusted" repository.
That a CA gets attacked, and even tricked into issuing certificates that turn out to be fraudulent, is not by itself a reason to revoke trust in a Root CA. CAs are high-profile targets for criminals given the role they have in the online security framework; it is how the CA responds to such events that determines how much we can trust it.
In this case, DigiNotar's response has unfortunately fallen short in many respects, including the following:
- They did not inform the affected websites, the browsers or the CABForum (CA/Browser Forum) about what had happened for more than 5 weeks, and they only did so after one of the certificates turned up in a MITM attack against Google websites. Compare this with the (successful) attack on Comodo and the (unsuccessful) attack on StartCom, both of which were reported to the browsers within a few days of the events.
- While they did revoke a number of fraudulently issued certificates, they did not inform the affected websites, and they did not discover that a certificate for Google's domain had been issued until after Google had learned of it from users who were being actively attacked with it (a discovery made possible by a recent Chrome security measure, public key pinning for Google's sites) and had informed DigiNotar and the browsers.
- The certificate was discovered so late because the attackers had tampered with the log information in the certificate issuance system of at least one of the subCAs. It is presently unknown whether the attackers also tampered with the logs of the other subCAs.
- Because of the log tampering, it is in fact still unknown how many certificates were really issued by this system, or for which websites. We have seen reports that more than 500 certificates were issued during the attack, with fewer than 300 positively identified, according to our information.
For these reasons, we are today discontinuing distribution of DigiNotar's Root.
A couple of points to note:
- No user action is needed to get this update. If your installation does not already have the DigiNotar Root installed, visiting a site with a DigiNotar-issued certificate will trigger an "Unknown issuer" dialog; if this happens, click "Reject" on the dialog.
- This first step of our planned revocation does not remove or untrust the DigiNotar Root on Opera installations that already have it installed. On these installations, sites using DigiNotar certificates will continue to work as before, indicating a secure connection, and the Root will remain EV-enabled, until the next weekly download from the repository server (the menu choice Help->Check for Updates triggers an immediate update). For advanced users: if your installation has this certificate and you want to untrust it now, follow these steps:
- Go to the Root Certificate Management dialog: Menu->Settings->Preferences->Advanced->Security->Manage Certificates->Authorities.
- Locate the "DigiNotar Root CA" entry and click "View".
- Uncheck "Allow connections to sites using this certificate".
- Click "OK" in the viewer dialog, the Certificate Manager and the preferences dialog.
- The DigiNotar Root is now untrusted, and visiting a site whose certificate was issued under it will cause Opera to refuse the connection without displaying a certificate warning.
Please note that this action does not affect the Dutch Government CA "PKI Overheid" Root CA, which is in the process of revoking the subCA certificate it issued to DigiNotar.
In relation to these events, the browsers and the Certificate Authorities in the CABForum are monitoring the situation and are discussing further improvements to how certificates for secure websites work, both in browsers and on the CA side.
Update Sep 8: Second stage deployed.
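To make the difference between the two stages concrete, the following is an added illustration, not Opera's code: a small model of a client root store and the repository server it syncs from. The class and method names, the on-demand fetching of roots (a client only acquires a root the first time it visits a site using it, as the comments below also note) and the decision rules are assumptions drawn from the post's prose; the site chains are constructed for the demo. It shows why stage 1 (stop distributing the root) leaves installations that already hold the root trusting it, why the manual "Allow connections" uncheck closes that gap immediately, and why stage 2 (the "Untrusted" repository) closes it for everyone after the next sync, while the unrelated DigiCert root stays trusted throughout.

```python
"""Model of the two-stage root distrust described in the post.

Added illustration, not Opera's code: RepositoryServer/Client, their
method names and the on-demand root fetch are assumptions drawn from the
post and its comments. Site names and chains are constructed for the demo.
A chain is a list of (subject, issuer) pairs, leaf first; the issuer of
the last pair is the root expected to be found in the client's store.
"""
from dataclasses import dataclass, field

DIGINOTAR = "DigiNotar Root CA"                   # exact spelling matters
DIGICERT = "DigiCert High Assurance EV Root CA"   # unrelated CA, stays trusted


@dataclass
class RepositoryServer:
    """What the weekly root-store download offers to clients (assumed layout)."""
    distributed: set = field(default_factory=set)  # roots still handed out
    untrusted: set = field(default_factory=set)    # the "Untrusted" repository


@dataclass
class Client:
    installed: set = field(default_factory=set)  # roots present locally
    untrusted: set = field(default_factory=set)  # roots explicitly blocked

    def sync(self, server):
        """Weekly download, or Help->Check for Updates.

        Stage 1 only stops shipping a root; an install that already has it
        keeps trusting it. Stage 2 ships the untrusted list, which overrides.
        """
        self.untrusted |= server.untrusted
        self.installed -= server.untrusted

    def untrust_manually(self, root):
        """Unchecking 'Allow connections to sites using this certificate'."""
        self.untrusted.add(root)
        self.installed.discard(root)

    def evaluate(self, chain, server):
        """Return the UI outcome for a site's certificate chain."""
        for (_, issuer), (next_subject, _) in zip(chain, chain[1:]):
            if issuer != next_subject:
                return "invalid chain"
        root = chain[-1][1]
        if root in self.untrusted:
            return "refused"                 # connection dropped, no dialog
        if root not in self.installed and root in server.distributed:
            self.installed.add(root)         # assumed on-demand root fetch
        if root in self.installed:
            return "secure"
        return "unknown issuer dialog"       # the post says: click Reject


def rollout():
    """Replay the timeline in the post; returns the outcome at each point."""
    diginotar_site = [("www.example.test", DIGINOTAR)]   # constructed chain
    digicert_site = [("www.example.org", DIGICERT)]      # constructed chain
    server = RepositoryServer(distributed={DIGINOTAR, DIGICERT})

    veteran = Client()                          # visited a DigiNotar site earlier
    veteran.evaluate(diginotar_site, server)    # fetches and installs the root
    fresh = Client()                            # never saw a DigiNotar certificate
    out = {}

    # Stage 1 (Sep 6): the root is no longer distributed.
    server.distributed.discard(DIGINOTAR)
    out["stage1_fresh"] = fresh.evaluate(diginotar_site, server)
    out["stage1_veteran"] = veteran.evaluate(diginotar_site, server)  # still secure

    # Advanced users can close that gap by hand.
    manual = Client(installed={DIGINOTAR})
    manual.untrust_manually(DIGINOTAR)
    out["manual_untrust"] = manual.evaluate(diginotar_site, server)

    # Stage 2 (Sep 8): the root enters the Untrusted repository; clients sync.
    server.untrusted.add(DIGINOTAR)
    out["stage2_before_sync"] = veteran.evaluate(diginotar_site, server)
    veteran.sync(server)
    fresh.sync(server)
    out["stage2_veteran"] = veteran.evaluate(diginotar_site, server)
    out["stage2_fresh"] = fresh.evaluate(diginotar_site, server)

    # DigiCert is a different CA and is unaffected throughout.
    out["digicert"] = veteran.evaluate(digicert_site, server)
    return out


if __name__ == "__main__":
    for step, outcome in rollout().items():
        print(f"{step:20s} {outcome}")
```

The point the model makes visible is `stage1_veteran` and `stage2_before_sync`: an installation that already holds the root reports a secure connection until either the user untrusts it manually or the untrusted list arrives with the next sync. Matching is on the exact subject name, so the DigiCert root never collides with "DigiNotar Root CA".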
z@h3kZAHEK # Tuesday, September 6, 2011 8:47:38 PM
Sorry, there is no certificate named "DigiNotar Root CA" here, but the certificate below is in Opera 12...
Is it the same?
DigiCert High Assurance EV Root CA
DigiCert Inc
www.digicert.com
US
olli # Tuesday, September 6, 2011 8:52:09 PM
You would only get the cert if you visited a site using it
z@h3kZAHEK # Tuesday, September 6, 2011 8:57:39 PM
Shall we warn our Turkish users about it?
olli # Tuesday, September 6, 2011 9:01:58 PM
z@h3kZAHEK # Tuesday, September 6, 2011 9:15:13 PM
Yngve Nysæter Pettersen (yngve) # Tuesday, September 6, 2011 9:19:12 PM
This problem only affects the certificate called "DigiNotar Root CA" (and exactly that spelling).
(BTW: if you remove DigiCert you will break lots of Opera autoupdate functionality, including the certificate update mechanism)
Thu Win (wikipedian) # Tuesday, September 6, 2011 9:32:48 PM
Please run Windows Update, as Microsoft has flicked the kill switch on DigiNotar and released an update that revokes trust in the following DigiNotar root certificates and places them in the list of untrusted certificates:
Windows users are now prevented from accessing sites with SSL certificates issued by DigiNotar, instead of being presented with a certificate warning.
Previously, users going to sites using a DigiNotar certificate were presented with an error screen with the option to continue, as shown:
However, after applying the update, the option to continue has been removed:
To test this behavior, go to the https version of DigiNotar's website.
All Windows users using automatic updates will receive this update, and no reboot is required. However, at the request of the Dutch government, Microsoft has delayed the rollout of this update to users in the Netherlands and its territories until next Tuesday (Patch Tuesday, coincidentally). This will give the Dutch websites time to swap all their certificates to another, perhaps more trustworthy, certificate authority. Therefore, the user would have to run Microsoft Update manually to receive the patch.
See http://www.microsoft.com/technet/security/advisory/2607712.mspx for more details.
To read more about the fiasco, see my blog posts The end of DigiNotar as we know it and Certificate authorities (CA) goes wild
Jim (toyotabedzrock) # Wednesday, September 7, 2011 2:18:56 AM
http://pastebin.com/1AxH30em
http://pastebin.com/85WV10EL
http://pastebin.com/jhz20PqJ
Cutting Spoon (hellspork) # Thursday, September 8, 2011 1:00:39 AM
Still hoping issues like this could be resolved between Opera's trust model and ESET's advanced security system.
Very happy to hear that Opera has completely revoked DigiNotar.
Yngve Nysæter Pettersen (yngve) # Thursday, September 8, 2011 4:23:08 AM