What's happening with lavabit's certs? I'm getting this error from Chrome:
The certificate that Chrome received during this connection attempt has been revoked.
Error type: Key revocation
Subject: *.lavabit.com
Issuer: Go Daddy Secure Certification Authority
Public key hashes: sha1//dHxYZfXYW3xW7ib88kHFDNZIAg= sha256/hnOeP/93cTcwYUvU+lLtm2Jd6SXWLzr+fO0F/Srdw98= sha1/ui61qD4TI9lTS15lvOejE13QqZY= sha256/MrZLZnJ6IGPkBm87lYywqu5Xal7O/ZUzmbuIdHMdlYc= sha1/7uWfHiqlRMPLJUOmmlvUaiW8u44= sha256/VjLZe/p3W/PJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
This absolutely isn't intended to be victim blaming in the slightest but my first thought when the story detailing his troubles in the Guardian came out a few days ago was: if you're going to start a service that challenges law enforcement and the intelligence services, you should really have a competent lawyer on retainer.
Thinking about it today, it occurs to me that in this day and age pretty much anybody with 410,000 users should probably have a competent lawyer who understands their business on retainer. What would be the exceptions to that?
I have no idea about lavabit's financials but maybe they were not making enough money from the paid accounts. I am assuming a lawyer on retainer would be very expensive.
That's unfortunate but it's also a bit like saying, "it made less than 100k USD yearly revenue, they couldn't afford backing up their data." Yeah both a hard-disk crashing and a legal attack are rare, but in their business they need to expect that it will happen sooner or later.
Let's say your attorney charges $250/hour, and you expect to need up to 40 hours of work on short notice. That's 40 * $250 = $10,000.
If the business ran into legal trouble and had to use up the 40 hours, it wouldn't automatically result in the attorney cutting off services. Most likely, if the attorney thought the business was solvent, s/he would continue working, and would invoice the business for anything above the $10,000.
I get this when I open that link in Firefox 29.0.1:
Secure Connection Failed
An error occurred during a connection to lavabit.com.
Peer's Certificate has been revoked.
(Error code: sec_error_revoked_certificate)
And there is no way to override it or make an exception.
19 comments
[ 913 ms ] story [ 1564 ms ] threadThe certificate that Chrome received during this connection attempt has been revoked. Error type: Key revocation Subject: *.lavabit.com Issuer: Go Daddy Secure Certification Authority Public key hashes: sha1//dHxYZfXYW3xW7ib88kHFDNZIAg= sha256/hnOeP/93cTcwYUvU+lLtm2Jd6SXWLzr+fO0F/Srdw98= sha1/ui61qD4TI9lTS15lvOejE13QqZY= sha256/MrZLZnJ6IGPkBm87lYywqu5Xal7O/ZUzmbuIdHMdlYc= sha1/7uWfHiqlRMPLJUOmmlvUaiW8u44= sha256/VjLZe/p3W/PJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=
Thinking about it today, it occurs to me that in this day and age pretty much anybody with 410,000 users should probably have a competent lawyer who understands their business on retainer. What would be the exceptions to that?
If the business ran into legal trouble and had to use up the 40 hours, it wouldn't automatically result in the attorney cutting off services. Most likely, if the attorney thought the business was solvent, s/he would continue working, and would invoice the business for anything above the $10,000.
And tptacek's first comment on that post does a good job of highlighting where Ladar's narrative cuts across the timeline of what actually happened.
EDIT: Oh, clicking more reveals the error appears because the certificate has been revoked.