On Tuesday, March 28, 2017 at 11:08:08 PM UTC-4, uri...@gmail.com wrote:
> For what it's worth, this is the latest post on facebook from the researcher.
> https://www.facebook.com/cbyrneiv/posts/10155129935452436
> 
> The private key storage issue sounds like a reseller tool, like
> https://www.thesslstore.com/ssltools/csr-generator.php
> and he found the private key was stored with the reseller,  when he accessed 
> the account.
> 

I work for The SSL Store and just wanted to quickly clarify that Urijah is 
using our site as an example of the *type* of tool that the private key issue 
was related to.

But our specific tool does not store the user's private key in any way. Nor is 
there any scenario in which we store the user's private key or make it 
accessible to them through their account.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to