
How not to handle mass SSL certificate revocation requests - shubb
https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/wxX4Yv0E3Mk/jx6r9jlPAwAJ
======
ThbTs4wbXC9Qjv
Wow, Trustico majorly fucked up. I had to go back and read from the top to
understand the whole situation, but damn, they had SSL private keys being
generated and output in plaintext into the user's browser on their site... on
pages with 3rd party javascript files (some from advertising companies) being
loaded in. The keys were "compromised" the moment they output into the browser
in other words.

