Bumping this with the text of an email that I sent them via their contact submission form, as follows:
I would like to know what's going on with your SSL certificate. The following statement is made at this link:
http://help.dwolla.com/customer/portal/articles/86685-security-partner-overview"VeriSign EV Certificate and Encryption
Extended Validation SSL Certificates give high-security web browsers information to clearly identify a web sites organizational identity. VeriSign is an industry leading EV solution provider. Our certificate provides a 128-bit minimum to 256-bit encryption."
but you are actually using a cheap Godaddy certificate. I see that one or more EV certificates from Verisign have been revoked.... Have you had a security incident that you should have warned customers about? Certificates don't just get revoked without a damn good reason, and I feel that this is something extremely important that you need to address.
The only public communication that I have been able to find in regards to this issue is a single Twitter message that says the following:
"@dwolla
Working with our partners at @verisign and @symantec to look into a certificate issue some of our users are reporting. Still secure."
but absolutely no communication after that message, posted on the 21st of July, 2012, 10 days ago.
I would appreciate your prompt response in regards to this matter so that I can be assured of your continued security and the security of any data about me that you have stored there.
Thank you and regards,
It's been 10 days since this incident, with nothing more said.
