CryptoSeal shutters, ala: LavaBit
coderman
coderman at gmail.com
Mon Oct 21 20:57:18 PDT 2013
On Mon, Oct 21, 2013 at 8:09 PM, Kyle Maxwell <kylem at xwell.org> wrote:
> ...
> So how do you propose that a provider perform SSL without keeping
> their private cert?
change it every day. i know every CA i've used allows unlimited
re-issue once purchased.
every time you hand it over, change it.
enforce forward secrecy, allow no non-forward secret suites. this is critical.
problem solved..
...they will however treat this as contempt of court - the escalation
would be infinitely interesting!
fuck this bullshit, i can't convey my contempt for this practice
(private keys via pen/trap register order) enough...
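
The "allow no non-forward secret suites" point above, as an added example that is not part of the original message: a server-side TLS context restricted to ephemeral key exchange, plus a check that lists any enabled suite that is not forward secret. It assumes Python's standard `ssl` module built against OpenSSL 1.1.0 or later; the function names, the cipher string and the certificate paths are choices made for this example.

```python
import ssl

# Key-exchange prefixes in OpenSSL's TLS 1.2 suite names that use an
# ephemeral, authenticated Diffie-Hellman exchange.
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-")

def is_forward_secret(name, protocol):
    """True if a suite (OpenSSL name + protocol string) gives forward secrecy."""
    if protocol == "TLSv1.3":
        return True  # TLS 1.3 full handshakes always use ephemeral (EC)DHE
    return name.startswith(EPHEMERAL_PREFIXES)

def forward_secret_context():
    """Server context that offers only ephemeral key exchange."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Static-RSA (kRSA), anonymous and PSK suites are removed outright.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!kRSA:!aNULL:!PSK")
    return ctx

def audit(ctx):
    """Names of enabled suites that would NOT be forward secret."""
    return [c["name"] for c in ctx.get_ciphers()
            if not is_forward_secret(c["name"], c["protocol"])]

if __name__ == "__main__":
    ctx = forward_secret_context()
    # ctx.load_cert_chain("server.crt", "server.key")  # placeholder paths
    print("non-forward-secret suites enabled:", audit(ctx))
    # Constructed sample names: the static-RSA suite fails the check.
    for name in ("ECDHE-RSA-AES128-GCM-SHA256", "AES128-GCM-SHA256"):
        print(name, is_forward_secret(name, "TLSv1.2"))
```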