Me: "Surely security-oriented web services like payment processors and secure cloud storage would publish specific PEM sets containing only the CA roots they use so server-to-server comms will be more secure." The Web: "Uh... well... so we... um..."
Replying to @cmuratori
We did this when I ran security at Braintree, and I’m pretty sure they still do. While I can make an impassioned security argument for it, it definitely caused operational headaches. The CA ecosystem is not as clean as many people think.
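What the two tweets above describe, as an added example that is not from either poster and is not Braintree's code: a Go client that trusts only a published PEM set of roots, run against an in-process TLS server whose chain ends at a constructed root A. It also shows the operational side of the argument: a client pinned to a different root B (what an unannounced issuer change by the provider looks like) fails closed with an unknown-authority error, and the usual remedy is an overlap bundle {A, B} shipped for the duration of a rotation. The "Example Payments Root" CAs, the api.example.test name and every certificate are constructed in memory for the demonstration; nothing here is a real provider's bundle.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // setup failure (key generation, DER encoding); not part of the demonstration
	}
	return v
}

// mint generates a P-256 key and signs tmpl with parent (nil = self-signed); all certs here are constructed in memory.
func mint(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// template is a one-day certificate: a CA root when ca is true, else a server cert for 127.0.0.1 (httptest's address).
func template(name string, serial int64, ca bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: ca, BasicConstraintsValid: ca, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if ca {
		t.KeyUsage |= x509.KeyUsageCertSign
	} else {
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		t.IPAddresses = []net.IP{net.ParseIP("127.0.0.1")}
	}
	return t
}

// pemBundle is the "published PEM set": only the roots the provider says it uses.
func pemBundle(roots ...*x509.Certificate) []byte {
	var out []byte
	for _, c := range roots {
		out = append(out, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: c.Raw})...)
	}
	return out
}

// getWithBundle does a GET trusting ONLY the roots in bundle. RootCAs replaces the system
// store entirely, so a chain ending at any root outside the bundle fails closed.
func getWithBundle(url string, bundle []byte) error {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(bundle) {
		return fmt.Errorf("bundle contains no certificates") // a broken bundle, not a CA change
	}
	tr := &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}}
	resp, err := (&http.Client{Transport: tr, Timeout: 5 * time.Second}).Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// IsUnknownAuthority: the server's root is absent from the bundle (not expiry, not a name mismatch), i.e. what a silent CA change looks like.
func IsUnknownAuthority(err error) bool {
	var ua x509.UnknownAuthorityError
	return errors.As(err, &ua)
}

// RunScenario serves under root A and tries three client bundles: {A} (the published set), {B} (the
// provider moved to a new root without notice) and {A, B} (the overlap bundle shipped during a rotation).
func RunScenario() (pinned, rotated, overlap error) {
	caA, keyA := mint(template("Example Payments Root A (constructed)", 1, true), nil, nil)
	caB, _ := mint(template("Example Payments Root B (constructed)", 2, true), nil, nil)
	leaf, leafKey := mint(template("api.example.test", 3, false), caA, keyA)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprint(w, "ok") }))
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{leaf.Raw}, PrivateKey: leafKey}}}
	srv.StartTLS()
	defer srv.Close()
	return getWithBundle(srv.URL, pemBundle(caA)), getWithBundle(srv.URL, pemBundle(caB)),
		getWithBundle(srv.URL, pemBundle(caA, caB))
}

func main() {
	pinned, rotated, overlap := RunScenario()
	fmt.Println(pinned, "|", rotated, "| unknown authority:", IsUnknownAuthority(rotated), "|", overlap)
}
```

Two things to notice. RootCAs replaces the system store rather than adding to it, which is the property the pinning argument rests on, and also the reason a provider that changes issuers without publishing the new root breaks every pinned client at the same moment. And before blaming the CA for an unknown-authority error, rule out an empty or malformed bundle: the AppendCertsFromPEM check exists because an empty pool produces the very same TLS error.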
Replying to @jtdowney
I have been horrified at what I've found, personally - this is the first time I've done a server backend that handles payments. The security model of the web is not good.
11:03 AM - 17 Jul 2021