No Pale Moon 6.0.1 for DigiNotar fiasco


Post by Moonchild » 2011-08-30, 10:03

DigiNotar has seen an illegitimate root CA certificate issued following a hack.
The certificate has been revoked and this should cover anyone using it for on-line SSL connections.

Pale Moon will not be updated to 6.0.1 to incorporate an additional security measure that will normally never be needed.
The update would be a lot of work for simply deleting a certificate from the built-in certificate store, which you can do yourself as well (if you are really worried that the certificate revocation won't be picked up by Pale Moon) by following the steps here:

http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert

Additional remark: after you follow the steps on the URL above and you go back into the certificate manager in v6, you will see the certificate has been re-listed again. However, even if listed (you can't delete a built-in, just distrust it), if you check the button "edit trust" on the certificate, you will see that it is not trusted to be used for anything, which has the same effect as physically deleting it from the store.