So get this: the CEO of a Certificate Authority, which controls the lock icon of your browser, sent >20k private keys via email, unencrypted. How hard can you show your incompetence and make clear that you had no place running that business in the first place?!?
@Kensan I get the feeling they just did that to force the certs to be revoked
@Kensan Well played the CEO
@Nuntius How were they ever in a position to issue certificates?
@Kensan I don't know, it's just unbelievably horrifying. It's a few hours after I learned about it, and I'm not even one of their clients, but I'm still stunned by such amateurism 😳🤯
@Nuntius Well I am sure this is just one instance where it became an incident and we learn about it...
@Kensan This mozilla.dev.security.policy thread is fun reading: https://groups.google.com/forum/m/#!msg/mozilla.dev.security.policy/wxX4Yv0E3Mk/QZt8UPhKAwAJ
especially the bit where the Trustico CEO gets all defensive and blustery and threatens legal action for... what, for Digicert complying with their request?
@Kensan Just a note. Trustico isn't a CA, but just a reseller. (They should also know better, but they cannot issue certificates, AFAIK)
@PrincessRaspberry Yes indeed, thanks for the clarification.
@Kensan the CA system, along with DNS, is a total fucking scam