I think you're missing the point. More quotes from the bugzilla discussion:

> The problem is not them charging for revocations. If someone has lost their key
> or got hacked, okay fine. Their own fault.
>
> The problem is that thanks to Heartbleed we now have potentially leaked private
> keys (leaked due to circumstances outside of the control of anyone) and thus
> insecure sites.
>
> Now with StartSSL charging for every single revoked certificate they are
> encouraging people to "eh, the chance my key got leaked is so low, I'll just stay
> with my old certificate" thinking and behaviour.
>
> This is actively compromising the security of SSL and consumers (no one I know
> checks the SSL vendor on certificates of sites they visit if there's the lock icon and
> it says it is trustworthy). Therefore customers and site users expose themselves to
> potential security risks while the browser ensures them they are communicating
> securely with the website.

and another:

> Spreading **** certificates all over the place for free and then forcing people to
> pay for the revocation of those certificates is certainly not doing any good for
> security. I can't see any reason why startssl.com should be in the truststore while
> cacert.org (which do not charge for revocation nor for anything else) are denied
> the same status.

Now granted, these arguments are about whether startssl should be in the firefox keystore, not about whether Bill should consider using startssl's free tier. But I disagree that the arguments are weak.

On Mon, Dec 22, 2014 at 10:55 AM, Edward Ned Harvey (blu) <b...@nedharvey.com> wrote:

> > From: John Abreau [mailto:abre...@gmail.com]
> >
> > As for StartSSL, a quick google search turns up some disturbing issues with it.
>
> Bah. That's a weak argument. There is nothing secret about charging for revocation, and I don't expect any other CAs to reissue certs for free either.

--
John Abreau / Executive Director, Boston Linux & Unix
Email: abre...@gmail.com / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6
PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23 C2D0 E885 E17C 9200 63C6