[rdl]

Wow, hats off to whoever came up with this incredibly useful and perfectly safe tool. :)

(I wonder how many private keys they'll end up with. This is a cheaper if somewhat less universal attack than compromising a CA directly.)

[joeblau]

Well from what I've looked at, it seems that at least four entities will receive copies of every key pair. One to csr.io, one to Google Adsesne, one to Google Analytics, and one for the user.