121 sats \ 1 reply \ @Reachableceo OP 9 Sep 2023 \ parent \ on: What if your threat model does include a nation state ? tech
I know your being somewhat sarcastic.
My money is on the entire FAANG etc having their Thales based root CA keys compromised . I’ve been less than impressed with security measures taken around key material and/or network security in general.
Once you start really understanding the full capabilities and vulnerabilities of these commercial CA appliances , you realize how massive the attack surface is.
My current stack is Nitro key HSM with XCA on an air gapped laptop. Keep it all in a decent safe with cameras and alarm system.
deleted by author
reply