Kensan is a user on mastodon.social.
Kensan @Kensan

So get this: the CEO of a Certificate Authority, which controls the lock icon of your browser, sent >20k private keys via email, unencrypted. How hard can you show your incompetence and make clear that you had no place running that business in the first place?!?

digicert.com/blog/digicert-sta

@Kensan I get the feeling they just did that to force the certs to be revoked

@Kensan This thread has some good links going beyond their official statement, giving some context to the whole thing:
mstdn.io/@jomo/996042805772316

@Nuntius How were they ever in a position to issue certificates?

@Kensan I don't know, it's just unbelievably horrifying. It's a few hours after I learned about it, and I'm not even one of their clients, but I'm still stunned by such amateurism 😳🤯

@Nuntius Well I am sure this is just one instance where it became an incident and we learn about it...

@Kensan This mozilla.dev.security.policy thread is fun reading: groups.google.com/forum/m/#!ms

especially the bit where the Trustico CEO gets all defensive and blustery and threatens legal action for... what, for Digicert complying with their request?

@Kensan Just a note. Trustico isn't a CA, but just a reseller. (They should also know better, but they cannot issue certificates, AFAIK)

@PrincessRaspberry Yes indeed, thanks for the clarification.

@Kensan the CA system, along with DNS, is a total fucking scam