undefined | Better HN

0 pointsweddpros8y ago0 comments

I wouldn't trust anything closed source to forget that private key.

I can't see how buying an actual cert could be more risky than installing a new root CA. The goal of signing is to ensure origin and anti-tampering: two fails in this case. So now you may have a tampered with driver that doesn't remove the private key and uses the new CA to inspect your TLS traffic, and you wouldn't know.

0 comments

1 comments · 1 top-level

AstralStorm8y ago

Can you trust random procedures of company xyz to secure their private key store?

I don't. Not even Microsoft themselves. There were embarrassing slips.

j / k navigate · click thread line to collapse