On Wed, Jul 31, 2013 at 5:59 PM, George Herbert <george.herbert(a)gmail.com>wrote;wrote:
The second is site key security (ensuring the NSA
never gets your private
keys).
Who theoretically has access to the private keys (and/or the signing key)
right now?
The third is perfect forward security with rapid key rotation.
Does rapid key rotation in any way make a MITM attack less detectable?
Presumably the NSA would have no problem getting a fraudulent certificate
signed by DigiCert.