Knowing what I know about these issues -- and agreeing that G+ is increasingly becoming a huge ugly mess for Google, one that's hurting a lot of people -- this isn't the same situation, and it's not one that I'd lay at Google's feet.
I'll be honest -- I have some formal as well as informal training in this kind of thing. The way SSL certs work, Google can't really hide them away in a lockbox -- you have to share them with people like DigiNotar/Vasco, or Verisign, who handles a lot of the "core" SSL business. And once you do, you have to, again because of how SSL is setup, depend on them to keep that cert secure.
And if you don't hand it out? No SSL connections from many browsers for you. So you're stuck depending on someone else's security for these things -- and I'd lay the responsibility at Vasco's feet, not at Google's.
no subject
I'll be honest -- I have some formal as well as informal training in this kind of thing. The way SSL certs work, Google can't really hide them away in a lockbox -- you have to share them with people like DigiNotar/Vasco, or Verisign, who handles a lot of the "core" SSL business. And once you do, you have to, again because of how SSL is setup, depend on them to keep that cert secure.
And if you don't hand it out? No SSL connections from many browsers for you. So you're stuck depending on someone else's security for these things -- and I'd lay the responsibility at Vasco's feet, not at Google's.