On Friday, 21 October 2016 17:31:17 UTC+2, Nick Lamb wrote:
> This is the "too big to fail" argument and I think we've addressed why that's
> not acceptable previously.

I've not said that the whole certificate system depends on StartCom. Sorry if I had not expressed myself clearly. As someone who uses StartCom and is personally not able to pay the price of nearly 500 EUR for a wildcard cert to secure a few websites, some devices and a mailserver, I've read about the bull**** that StartCom made and followed the threads in this group. I've read a lot of (good and true) argumentation but only from the "technical" side, not one single argument dealing with the impact on users. So my intention was to bring up this "view".

> For DV TLS certificates, Let's Encrypt will be an admirable replacement for
> StartCom as far as most subscribers are concerned. There will inevitably be
> scenarios where StartCom were able to offer cheap or free certificates that
> aren't possible with Let's Encrypt because their validation strategy is
> different, but I think the addition of IDNs this week means Let's Encrypt now
> covers the vast majority of normal scenarios.

Let's Encrypt is surely a very good approach but actually not a replacement for a CA that is listed in the root store of all major browsers. It's not really practicable for someone using shared space without shell access, for securing consumer devices (router, NAS, and so on), because of the 90 day period. Too much effort for the "normal" people out there. And this is what my argument is dealing with. In times where everybody, also Mozilla, is "praying" to use encryption, I find it hard to understand that one big (and nearly the only) opportunity to secure communication for small businesses and individuals is thrown out. No question StartCom has made mistakes and of course there should be arrangements made to keep the CA-system safe and to prevent others from making these mistakes. But with distrusting StartCom I think (my personal view) the "small" users are punished a lot more than everyone else and they haven't done anything wrong.

My only intention was to bring up this thought, not to say that the whole system depends on StartCom. But for sure the effort for many, many small webmasters out there or people who want to secure their LAN at home, their small networks in a company, is growing intensively by distrusting StartCom and as a result of this, they will not use encryption.

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy