7

Trustico's CEO emailed a private key which is used to sign TLS certificates, making more than 23k certificates compromised!

This makes me think that we should not trust others for our security (like a CA); failure of a CA can put our website at risk. What is the better way to do it?

https://arstechnica.com/information...

Comments
  • 1
    Trustico is not a fucking CA!
    Digicert did everything that they were obligated to do.
  • 1
    @Linux Digiserve or Symmentic?

    And then why the fuck did they have the private key? Or are Digiserve imbeciles?
  • 0
    @yendenikhil
    Digiserve? Symmentic?
  • 0
    @yendenikhil
    Digicert did NOT have the private keys. Trustico did.
  • 2
    @Linux typo, my auto-correct liked to play pranks on me!
  • 1
    @Linux Ok, now from computer.
    Browsers decided to stop trusting Symantec certificates, so Digicert bought their CA business. Now Trustico sent the PK to Digicert, and hence all certificates signed by this key became insecure!
  • 1
    @yendenikhil
    Trustico fucked up; Digicert did what they should do: revoke the certs.
  • 1
    @Linux yup, Trustico is messing up.
  • 2
    This is why you should generate your own CSR and private key (openssl/other GUI tools), and send ONLY the CSR to the CA for signing.
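    Following the advice above, an added example (not code from this thread) that generates the private key and CSR locally with openssl, verifies the CSR's proof-of-possession signature, and checks that the file going to the CA carries no private key material. It assumes openssl is installed; the directory and the CN `example.test` are constructed values.

```shell
#!/bin/sh
# Added example: the private key is generated and kept locally; only the CSR
# (public key + subject, signed by the private key) is exported for the CA.
# Assumes openssl is on PATH; CN and paths are constructed values.
set -eu

make_csr() {
  dir="$1"
  cn="$2"
  mkdir -p "$dir"
  # Key file is created readable by the owner only.
  umask 077
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$dir/server.key" 2>/dev/null
  # The CSR is self-signed with the private key, proving possession to the CA.
  openssl req -new -key "$dir/server.key" -subj "/CN=$cn" \
    -out "$dir/server.csr" 2>/dev/null
  # Check the CSR's signature before sending it anywhere.
  openssl req -in "$dir/server.csr" -noout -verify 2>/dev/null
}

# Returns 0 when the public key inside the CSR matches the local private key.
csr_matches_key() {
  dir="$1"
  k=$(openssl pkey -in "$dir/server.key" -pubout 2>/dev/null)
  c=$(openssl req -in "$dir/server.csr" -noout -pubkey 2>/dev/null)
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# Returns 0 when the file contains no PEM private-key block (safe to send).
csr_has_no_private_key() {
  ! grep -q "PRIVATE KEY" "$1"
}

if [ "${1:-}" = "run" ]; then
  make_csr ./pki example.test
  csr_matches_key ./pki
  csr_has_no_private_key ./pki/server.csr
  echo "send ./pki/server.csr to the CA; ./pki/server.key stays here"
fi
```

Run with `sh script.sh run`; the CA signs the CSR and returns a certificate, and at no point does it need, or should it ask for, `server.key`.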
  • 1
    @dxdy Agreed, but people (tech and non-tech) want convenience over security. Also, if I remember correctly, Trustico wanted the private keys for certificate revocation, though why they don't use a CRL is what I don't understand!
  • 1
    @dxdy
    Yeah trustico is fucking stupid.