[Discuss] Who sells the least expensive SSL certs right now?

John Abreau abreauj at gmail.com
Tue Dec 23 10:28:00 EST 2014 

It was asserted in the bugzilla page that startssl refuses to issue a new certificate until you revoke the old one, and that in combination with their typical response times, this results in at least 5 days' downtime when replacing an old startssl-issued certificate with a new startssl-issued certificate. 

If the assertion is correct, and if your site cannot accept running for a week or so with a revoked certificate, then choosing startssl means you'll have to switch to another CA anyway the next time a Heartbleed-like incident occurs. 


On Dec 23, 2014, at 6:38 AM, Bill Bogstad <bogstad at pobox.com> wrote:

> On Mon, Dec 22, 2014 at 11:10 PM, Edward Ned Harvey (blu)
> <blu at nedharvey.com> wrote:
>>> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-
>>> bounces+blu=nedharvey.com at blu.org] On Behalf Of Shirley Márquez
>>> Dúlcey
>>> 
>>> Free certificates shouldn't be a business model. They should be
>>> something that you do to give back to the community, to help keep the
>>> internet an open place for everybody.
>> 
>> While we're at it, let's ban commercial software, and copyright and patent and trademarks.  Computers are able to copy all these things at zero cost; it should be free for everyone.  Unicorns and rainbows for the win!   ;-)
>> 
>> Sorry, I know I'm being a jerk.  But the argument that the *only* provider of commonly trusted free certs is extorting people by charging for revocation is foolishness.  If that argument holds, then *no* certificate authority should be able to charge for issuing certs.
> 
> No argument from me on this.  However, I am not sure why I would ever bother to
> revoke a certificate for a general purpose web site.   Why wouldn't I
> just stop using it
> and go get a new certificate from whatever CA I want?   As for someone
> else spoofing my site with the stolen cert, I thought that it was
> still possible to get certificates signed for almost any domain from
> some of the CAs.   So revoking a stolen certificate isn't going to
> help that much to protect against man in the middle attacks.  I don't
> think it is going to stop someone who recorded the entire session from
> decrypting it once they get the private key either.  What am I missing
> here?
> 
> Bill Bogstad
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://lists.blu.org/mailman/listinfo/discuss

More information about the Discuss mailing list