This is sort of obvious. Facebook's key is signed by a well-known CA. Anyone can make a cert for anything, but that doesn't mean that browsers will recognize it as being "valid".
The author fails to mention how this any more "broken" than TLS on anything else.
2 comments
[ 3.3 ms ] story [ 14.3 ms ] threadThe author fails to mention how this any more "broken" than TLS on anything else.
(well, now revoked, but still...)