[Cryptography] CA reseller emails 23,000 client private keys to parent CA

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Mar 1 18:59:06 EST 2018


I wrote:

>In case anyone missed this, CA reseller Trustico recently emailed 23,000 of
>its clients' private keys that it generated and held for them to the CA that
>issues certificates for it.

It's now been pointed out that the server they were using to do this is
vulnerable to remote code exec as root.  For people who aren't doing so
already, this is definitely a soap opera worth following.

Peter.

