Proof that the CA trust model is fundamentally broken. A certificate issuer, namely Trustico, sends 20k private keys to their mother CA Digicert. By e-mail.https://twitter.com/taviso/status/968930688303968256 …
-
-
Replying to @gammenion
Emailing them is pretty much aside from the point. The problem is that they ever had them to begin with.
1 reply 0 retweets 4 likes
Replying to @RichFelker @gammenion
If Digicert knew they were doing that, Digicert's CA cert should be revoked. If not, Digicert should just revoke all their resold certs, terminate reseller contract with them, & blacklist the ppl behind it from future reselling deals.
4:15 PM - 28 Feb 2018
0 replies
0 retweets
3 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.