So, in summary:

1. Cisco used Open Source software (OpenDaylight), without sanitizing publicly available (GitHub) certificates and private keys.

2. The screenshot in the source article mentions the subject of the certificate. Yet, the text refers to it as the signing party.

3. Somebody used a business name and an email address that is associated with Huawei, to generate a certificate.

Observations:

- Regarding (1): If any finger pointing or suggesting should be done here, it should not be at anyone but Cisco.

- Regarding (2): Either the original source article contains incorrect information, or these certificates were self-signed, which makes any information supplied in the certificate arbitrary and meaningless.

- Regarding (2): If the information is incorrect, and the certificate was signed by an accredited party, the person who put this on GitHub sure made a stupid mistake, rendering this private key essentially useless (to anyone, Huawei and Cisco included).

- Regarding (3): Just because somebody uses (either real or fake) business information to generate a certificate, does not indicate that said business had any involvement whatsoever. Not unless the certificate is signed by a party that guarantees the vetting of that info.

Final thought: The title with "Huawei cryptographic keys" appears to be very misleading at best, simply incorrect more likely. I do not see the link between Huawei and these keys, other than somebody using arbitrary information to generate a (self-signed) certificate from a private key.