9/23/11: Update on Further DigiNotar Issues

The Dutch government today announced that DigiNotar’s subordinate Certificate Authorities (subCAs) under the Staat der Nederlanden root certificates will be revoked next Wednesday, September 28th.  This follows on the Dutch government’s removal of trust from DigiNotar, DigiNotar’s removal from the Netherlands Trust List, and the company’s announcement of bankruptcy proceedings.

With this latest action, new digital signatures created with certificates from these certificate families will no longer show as valid in Acrobat and Reader, regardless of version.  This is due to the fact that Acrobat and Reader check if certificates associated with the signing credential are revoked at signing and at document open.

Note that this will not necessarily invalidate existing documents, if you are opening them with Acrobat or Reader 9.1+.  This is due to the fact that these versions of the product check the validity of the signature at the signing time by default, not at the current time–assuming that the signature includes validation information from when it was signed.  For example, a PDF signed one year ago will still show as valid and trusted, whereas one created next Friday will show as invalid.

The action by the Dutch government also means that Adobe will not need to take any action regarding the Staat der Nederlanden roots in the Adobe Approved Trust List.