Wow, emailing 20k private keys. /Interesting/ idea.
Don't worry. The email said "CONFIDENTIALITY NOTICE -- This email is intended only for ..." so I'm sure everything will work out fine.
Cursory reddit "research", apparently they had a "generate a key pair for me" web page (at https://www.trustico.com/ssltools/create/csr-pem/create-a-new-csr-instantly.php …). Obviously, that's a ludicrous violation from a security standpoint, but may explain how they even obtained the private keys in the first place.
(Otherwise your CA should never be able to obtain your private key)
No, there should really be no reason for @MrTrustico to keep these keys around. Going to be an interesting situation as it develops.
“emailed us approximately 20,000 certificate private keys” Am I reading this right?!?!
Where I worked before, I was in charge of the PKI and would revoke any cert if a user sent me the private key. I never understood why users did that. But sending 20K keys? Wow...
"It's e2e if I send you the private keys right?"
Interesting that they "gave notice via email..so they could have time" but the revocation was within 24 hours. That's not much time...
24 hours is mandated for CAs; they don't have much choice in the matter if the keys are reported as compromised.



