and when they don't get their results back....
I hope they have the balls to delist all non-complying CA's.
Web authentication authority GlobalSign, which voluntarily suspended operations last week while it investigated claims its security was breached, said it has uncovered evidence that one of its servers has been compromised. "The breached web server has always been isolated from all other infrastructure and is used only to serve …
GlobalSign seems to be doing a good job here, why blacklist them? Website is essentially a poster (or a shop front) - if someone paints grafitti over it it's annoying and probably means the owner should work a bit on security, but will happen from time to time. In Diginotar's case, attacker got crown jewels.
As someone who sells GlobalSign certificates, I'm really disappointed in them.
Yes, they started off by doing the right thing, but their communication has been non existent this week. First we were told systems back online on Monday, then Tuesday. So far, now being Wednesday, the system is still down and no official ETA has been given. In fact, they haven't even acknowledged that they missed their announced time yesterday.
I'll probably ditch them based purely on the communication breakdown.