You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
I’m just asking which part you can avoid by communication to everyone. If there is something where it helps, then yes, do it.
The point of communicating to everyone is *informing* that the system is broken and that it should not be trusted. The bad guys already know. The good guys need to know. It means things like not accepting e-signed docs without further checks.
For comparison, SSL CAs are required to revoke ROCA-vulnerable certs within 24h of being made aware of their existence (and are expected to proactively check everything they've issued for the ROCA fingerprint).
The *right* way to do this would've been to develop a fix in the, oh, 6 months Infineon had to get critical customers on board, then at public disclosure revoke all remaining certs and say "sorry, visit an eID kiosk and renew your certs/update your firmware".
If there are systems accepting bad keys, they should be informed by now. For users accepting docs, agreed, there it would help.
There is a CRL. There is a way of getting every on-line system to stop accepting these certs. But they aren't using it. Why aren't these certs in the CRL already?
I didn’t know they were used for e-signing documents to other users.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
