Re: That Chrome error message is dangerously misleading.
Can someone remind me how untrustworthy the authority is? e.g. could a criminal set up a fake bank site with a fake certificate that pretends to be legitimate? There was something about all the private keys of certificates having been released in the public domain - was that it? or anyway sent in insecure, possibly logged plain e-mail. Sorry, I have a hazy understanding at best of the techy part of this.
What I'm getting at is: should we presume that the certificates are already in the hands of evildoers? In which case, letting them be used at all now is inappropriately putting mercy over safety?
Biting the hand that feeds IT
