[liberationtech] Facebook SSL certificates keep changing

[Brad Beckett]

Has anybody else noticed that Facebook's SSL certificates change form
DigiCert to VeriSign Trust Network and back every so often?
I don't like the fact that it makes you unable to tell if you are a victim
of a man-in-the-middle attack or not via compromised CA or "legal
intercept".

As big as Facebook, Google, and Twitter are, they should have their own
root CA certificates in all major browsers, with published fingerprints or
perhaps a combined effort of all three of those.

Brad Beckett