Dutch KPN underestimated Diginotar replacement certificates

KPN makes too long to replace Diginotar certificates and take unacceptable risks to safety.

KPN has a mandate from the government about 16,000 certificates replaced after the certificates of the company Diginotar were hacked last year. June 1, all Diginotar certificates replaced. Hundreds of tax offices use the certificates report for businesses.

Poor and incomplete

SRA calls the communication tax consultants who help entrepreneurs in the monthly sales tax for example, "poor, incomplete or incorrect." "Advisors start application procedures and must wait weeks," says a spokesman for SRA.
Especially with the change of location and trade name of a company creates a lot of delay in SRA. At present 438 of the 16,000 certificates were, according to a special website about the project of KPN. "At this rate we might not pick up June 1st," said the spokesman.

The Jager 

SRA should follow Minister Jan Kees de Jager of Finance will keep better control on the process. "If the deadline of 1 June is not met, the use of old Diginotar certificate renewed," said the spokesman. "Otherwise, the risk that entrepreneurs example, the monthly VAT return is too late."

Besides time-consuming calls to the KPN SRA system, BAPI called fraud. Especially the fact that the site of KPN certificates without requiring a PIN to download meets with objections from the audit firm. SRA, the acid test and took a few certificates downloaded, KPN calls the site "apparently completely hack".
No PIN is a BAPI certificate is still unusable, says SRA. "But the fact that everyone is able to issue certificates of another may download and view, is simply asking for trouble, especially with the active hackers today and experience with DigiNotar."

According to SRA by the accounting firms take issue with a cautious approach when applying for new certificates. The organization wants to talk about an extension of the transitional period, for example, 1 October, and wants fines for late returns are being repealed.

KPN calls the security in a reaction "absolutely guaranteed". "We recognize ourselves totally in the picture that SRA outlines," says a spokeswoman. She emphasizes that only a quarter of the transition period has expired, before entrepreneurs from June 1 final 'to' be.

KPN, according to her particularly much to explain. "SRA's letter shows how much uncertainty there is about this process."