**Sadiq** @staticsafe@mastodon.zombocloud.com · Mar 01, 2018, 17:11

**Sadiq** @staticsafe@mastodon.zombocloud.com · Mar 01, 2018, 17:11

Sadiq @staticsafe@mastodon.zombocloud.com

the more I read about this Trustico incident, the more absurd it gets

what the actual fuck

https://arstechnica.com/information-technology/2018/03/23000-https-certificates-axed-after-ceo-e-mails-private-keys/

#infosec

**Sadiq** @staticsafe@mastodon.zombocloud.com · Mar 01, 2018, 17:18

**Sadiq** @staticsafe@mastodon.zombocloud.com · Mar 01, 2018, 17:18

its called a *private* key for a reason

don't let the certificate authority generate it for you and/or give it to the certificate authority

the only thing you are supposed to give to the certificate authority is the certificate signature request (CSR) and they give you the certificate after the validation process

#infosec

**Bobo_PK 🦄** @Bobo_PK · 2018-03-01T18:05:57Z

Bobo_PK 🦄 @Bobo_PK

@staticsafe web of untrust

Mar 01, 2018, 18:05 · Tusky · 0 · 0