22 Oct 2013, 3:57 a.m.
On Mon, Oct 21, 2013 at 8:09 PM, Kyle Maxwell <kylem@xwell.org> wrote:
> ... So how do you propose that a provider perform SSL without keeping their private cert?
change it every day. i know every CA i've used allows unlimited re-issue once purchased. every time you hand it over, change it. enforce forward secrecy, allow no non-forward secret suites. this is critical. problem solved... they will however treat this as contempt of court - the escalation would be infinitely interesting! fuck this bullshit, i can't convey my contempt for this practice (private keys via pen/trap register order) enough...
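An added example, not part of the original message: a Python check that a server cipher string enables only forward-secret (ephemeral ECDHE/DHE) suites, the property that keeps previously recorded sessions undecryptable with the long-term private key alone. The cipher string `FS_ONLY`, the sample suite list and the helper names are assumptions chosen for this example.

```python
import ssl

# Assumed policy string for this example (OpenSSL syntax): ephemeral ECDHE/DHE
# key exchange with AEAD ciphers only; no anonymous or PSK suites.
FS_ONLY = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!eNULL:!PSK"

# Constructed sample of OpenSSL suite names, as a scanner might report them.
SAMPLE_NAMES = [
    "TLS_AES_256_GCM_SHA384",         # TLS 1.3
    "ECDHE-RSA-AES256-GCM-SHA384",    # ephemeral ECDH
    "DHE-RSA-AES128-GCM-SHA256",      # ephemeral DH
    "AES256-GCM-SHA384",              # static RSA key exchange
    "RSA-PSK-AES128-CBC-SHA",         # RSA-encrypted premaster with PSK
]

def is_forward_secret(name):
    """True if the suite name implies an authenticated ephemeral key exchange."""
    if name.startswith("TLS_"):  # TLS 1.3 names; full handshakes use (EC)DHE
        return True
    return name.startswith(("ECDHE-", "DHE-"))

def split_suites(names):
    """Partition suite names into (forward_secret, not_forward_secret)."""
    fs = [n for n in names if is_forward_secret(n)]
    weak = [n for n in names if not is_forward_secret(n)]
    return fs, weak

def enabled_suites(cipher_string):
    """Names the local OpenSSL build enables for a TLS 1.2+ server context."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher_string)
    return [c["name"] for c in ctx.get_ciphers()]

if __name__ == "__main__":
    fs, weak = split_suites(enabled_suites(FS_ONLY))
    print(f"{len(fs)} forward-secret suites enabled, {len(weak)} others")
    for name in split_suites(SAMPLE_NAMES)[1]:
        print("would expose recorded traffic to key disclosure:", name)
```

Running `split_suites(enabled_suites(...))` against a server's actual cipher string shows which enabled suites, if any, still rely on the long-term key for key exchange.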