Posts tagged "adobe approved trust list"

Information Regarding Adobe Reader & Acrobat and the Removal of DigiNotar from the Adobe Approved Trust List

In the past two weeks, it has come to light that Dutch certificate authority DigiNotar suffered a serious security breach in which a hacker generated more than 500 rogue SSL certificates and had access to DigiNotar’s services, including many that were relied upon specifically by the Dutch government for key citizen and commercial services.  The full extent of the attack is still not clear.

Last week, many of the major browser vendors removed DigiNotar certificates from their list of trusted certificates, and in turn, the Dutch government renounced trust in DigiNotar and took over certificate operations at the company.

What Does This Mean for Adobe Customers?

The DigiNotar Qualified CA root certificate is part of the Adobe Approved Trust List (AATL) program, which we have mentioned in this space on multiple occasions.  The AATL is designed to make it easier for authors to create digitally signed PDF files that are trusted automatically by Adobe Reader and Acrobat versions 9 and above, and includes many certificates from around the world.

While Adobe is not aware of any evidence at this time of rogue certificates being issued directly from the DigiNotar Qualified CA root in particular, an official report by Dutch security consultancy Fox-IT stated that there was evidence of the hacker having access to this CA, thus possibly compromising its security.  (The rogue certificates known today are SSL certificates originating from the DigiNotar Public CA.)

Adobe takes the security and trust of our users very seriously. Based on the nature of the breach, Adobe is now taking the action to remove the DigiNotar Qualified CA from the Adobe Approved Trust List. This update will be published next Tuesday, September 13, 2011 for Adobe Reader and Acrobat X. We have delayed the removal of this certificate until next Tuesday at the explicit request of the Dutch government, while they explore the implications of this action and prepare their systems for the change.

Continue reading…

Trust, Enhanced: More updates to the Adobe Approved Trust List

Today, Adobe pushed out yet another update to its certificate trust program implemented in Adobe Reader and Acrobat.  The AATL program, launched in 2009, makes it easier for users to view and rely on digitally signed PDFs by automatically displaying a green checkmark for those signature credentials which meet higher assurance requirements when opened in Reader and Acrobat 9 and X.

The update today included the Columbian A.C. Raiz Certicamara S. A. root certificate for Acrobat and Reader X.

Continue reading…

SuisseID Launches in Switzerland – Adobe Approved Trust List Enables Trust for Several Providers

Last week, the Swiss government announced (English translation) the launch of the SuisseID, a program intended to provide citizens and business with access to high assurance identity credentials that can be used to access government and business services as well as digitally sign documents with legally binding signatures.

Two Members of the Adobe Approved Trust List (AATL), SwissSign and newly joined QuoVadis, are also key Providers in the SuisseID program.

Continue reading…

Trust Marches Onward: Adobe Approved Trust List Welcomes Two New Members

Some of our savvy readers and users may have already noticed a dialog box asking them to download a “security settings update from Adobe Systems”:

sectysettingsupdate_shot.png

No, it’s not the latest patch.  In fact, by clicking Yes, Acrobat and Reader 9+ users are downloading an update to the Adobe Approved Trust List (AATL), a list of trusted digital certificates that provides users with better assurances that the digitally signed documents they are receiving can be trusted.  This is visible to document recipients as a green check mark or blue ribbon, depending on the type of digital signature.

In this update, four certificates, two each from Entrust and QuoVadis respectively, have been added to the AATL…

Continue reading…