Trustico Shenanigans
2018-03-02 22:08:21.97275+01 by Dan Lyke 0 comments
How not to run a CA. This in particular is about the recent failure of the Trustico certificate authority, but it's a really good reminder that you shouldn't rely solely on HTTPS for anything more important than banking.
Also, don't give your private keys to anyone.
This Twitter thread.... Apparently Trustico, for ease of customer use, generated the private keys. So in a contract dispute, their CEO emailed, in plain text, 23,000 private keys... And then made many conflicting and wrong statements.