DigiNotar. Obviously you can make a worst-case scenario go down the drain big time.
If you thought - and I did - that the Comodo gig was ridiculous you might already have heard of DigiNotar. And I'm somewhat running out of superlatives that have no religious context with this one. While Comodo's fuck-up was serious it was at least within expected proportions. If you fuck up in this business it usually draws some circles. That's why you should try hard not to. But the way DigiNotar screwed up is way out of scope. And the best part about it is the way they are handling it.
A quote taken from their website
Dit is dus in 99,9% van de gevallen onjuist, het certificaat kan wel worden vertrouwd.
It roughly translates to. This is because in 99.9% of cases the warning is unjustified and the certificate can be trusted.
For some strange reason this press release has vanished from their website but it's currently still available in Google's cache. The reasons it has vanished probably has a lot to do with the image that you get from this company. I wonder what their mantra is. Probably something alongside We don't give a fuck.
Because that's exactly what this - now vanished - quote suggests. You can - and should - still trust us. Even though you have no particular reason to do so. In fact we just provided evidence galore that you should not... Instead of trying their best to get everything off of the web that might be risky they suggest that you ignore the fact that they just got owned completely. But hey. A Russian shop on a Chinese domain selling Canadian Viagra is 99.9% safe. And behold! We certify that. The interesting question here would be if DigiNotar would also be liable for it. A wild guess? Probably not. And I suspect the removal of this quote might have something to do with exactly that.
Security on the web is not meant as a save-haven business idea for losers. If you can't stick to the standards you must be a goner. And DigiNotar is way beyond that. And this has nothing to do with DigiNotar's ( hopefully former ) customers to get problems. They already have...plenty. The biggest of them is DigiNotar. Scrap them and let their customers rip whatever is left out of them. There's no place for guys like DigiNotar in the CA business. And to put it with Achmed's words: DigiNotar is not too big to fail.