GoDaddy Revokes Lavabit's Security Certificate After Reading About How The Feds Got It
from the post-facto dept
“[W]e're compelled by industry policies to revoke certs when we become aware that the private key has been communicated to a 3rd-party and thus could be used by that party to intercept and decrypt communications,” says GoDaddy spokesperson Elizabeth L. Driscoll, in response to an inquiry about Lavabit's keys being revoked.Of course, since the service is already shut down, this move has no direct impact on anything, but makes a fairly strong symbolic statement. Many have been wondering, if the feds are ordering Lavabit to hand over its SSL keys, it's quite likely the same demand has been made of many other companies as well, most of which likely complied. So, this raises the question of whether or not certificate authorities are going to start looking for the possibility of other compromised certs and revoking them....
Separately, as Hill notes, this could also aid Levison in his legal case, as he can now legitimately argue another way in which being forced to turn over the keys could create an unreasonable burden on his business by having the keys revoked.