On Fri, Mar 27, 2015 at 3:15 PM, Diego Elio Pettenò <flamee...@flameeyes.eu> wrote: > On 27 March 2015 at 19:14, Rich Freeman <ri...@gentoo.org> wrote: >> >> StartSSL in fact refuses to revoke certificates even when people >> publish their private keys publicly. If you buy a previously-used >> domain you might want to make sure that there isn't a StartSSL >> certificate floating around for it which is still valid... > > Uh? They don't do it for free, but they do revoke certificate if you pay for > it. > xine-project.org has a revoked cert from last year due to heartbleed.
That was basically my point. There aren't any free options which are secure (that I'm aware of). There are options which cost money which are secure, including StartSSL. It just annoys me when people trot them out as an example of why SSL certificate costs aren't a problem. You can debate whether not having secure free options matters or not, but you can't argue that StartSSL is a secure free option. -- Rich
