On Wed, Jul 31, 2013 at 5:59 PM, George Herbert george.herbert@gmail.comwrote:
The second is site key security (ensuring the NSA never gets your private keys).
Who theoretically has access to the private keys (and/or the signing key) right now?
The third is perfect forward security with rapid key rotation.
Does rapid key rotation in any way make a MITM attack less detectable? Presumably the NSA would have no problem getting a fraudulent certificate signed by DigiCert.