[cryptography] what has the NSA broken?

Alan Braggins alan.braggins at gmail.com
Sat Sep 7 05:05:30 EDT 2013

On 06/09/13 14:58, Ralph Holz wrote:
> On 09/06/2013 07:12 AM, James A. Donald wrote:
>> Most private keys are issued by, not merely certified by, the CAs.
> Can you give numerical evidence for this claim?

I was also thinking "[citation required]".

> The CAs I work with - StartSSL and DFN - either allow you to send CSRs or
> use the HTML keygen method. I'd be surprised if a majority of CAs
> insisted on generating the key for you.

Thawte for example says "Thawte does not have access to your Private
Key. It is generated locally on your server and is never transmitted to

Lots of instructions on how to generate a CSR on your server,
no links to "we'll do it for you" option:

