Having witnessed the high profile security breach at DigiNotar- the Dutch agency that issues digital certificates to websites, makers of the Mozilla Firefox browser are asking the security certificate providers to check their internal security systems and report back within a week.
Mozilla Certificate Authority (CA) Certificates Module owner Kathleen Wilson sent emails to various Certificate Authorities asking to audit their systems for any possible loopholes. In her email , Kathleen asked the CAs to ensure that no one can issue a certificate without the standard two-factor authentication procedure.
Mozilla has issued a September 16 deadline to all the CAs to revert back to its queries. However, it did not disclose what actions it will follow if none of them responds to its request.
"Anytime we see a security issue like this that might affect [sic] multiple CAs, you can expect to see us communicating actively and quickly," a Mozilla spokeswoman said Thursday via instant message, PC World reports.
It’s noteworthy that DigiNotar took more than a month to inform Mozilla about the security breach it went through. Mozilla, in response had the firm’s root certificate removed from the list of trusted CAs.