> Am 28.09.2016 um 10:25 schrieb li...@lazygranch.com: > > I don't want take this thread off course, but suggestions for low cost certs > would be appreciated. I don't like how Let's Encrypt works, else that would > be the obvious solution. > > Domain registration isn't free. Server time isn't free. Something like $20 a > year would be fine. I already have a self signed cert for email, but would > like to eventually encrypt my websites and attempt dnssec/dane.
RapidSSL is about 9EUR per Year and there is a "Basic SSL" option when you use internetx. Seems to be free. > > When Symantec first announced that they would compete with Let's Encrypt, I > signed up with them. But it looks like their free cert program is more like > you need to recruit customers for them. > > > Original Message > From: Sven Schwedas > Sent: Wednesday, September 28, 2016 1:10 AM > To: postfix-users@postfix.org > Subject: Re: WoSign/StartCom CA in the news > > On 2016-09-28 00:31, Giovanni Harting wrote: >> Correct me if I'm wrong, but that document you describe issues by >> Mozilla and others, doesn't it state that it would only affect new >> issues certs after a certain date? > > Yes, but most StartSSL/WoSign certificates are only valid for a year or > less. So customers should start looking for alternative providers *now*, > because a year-long block will affect almost all of them. > >> Am 09/28/16 um 00:29 schrieb Viktor Dukhovni: >>> WoSign (who seemingly purchased StartCom) seem to have run into >>> some compliance issues as reported by Firefox: >>> >>> >>> http://arstechnica.com/security/2016/09/firefox-ready-to-block-certificate-authority-that-threatened-web-security/ >>> >>> >>> Many SMTP servers are using certs from StartCom. In my DANE >>> adoption survey, out of 2201 certificates used by DANE MX >>> hosts 411 are issued by StartCom and 47 by WoSign. So that's >>> just over 20% of observed certificates. While the rate is >>> likely different for the larger SMTP ecosystem (DANE users >>> are bleeding edge, not representative at this time), I expect >>> that these CAs are still quite popular overall. >>> >>> If you're using StartCom/WoSign certs, and rely on them being >>> verified by MUAs and/or peer MTAs. you may want to make >>> contingency plans if Mozilla and perhaps others go through >>> with delisting (or disabling) the related root CAs from >>> their trusted CA bundles. >>> >> > > -- > Mit freundlichen Grüßen, / Best Regards, > Sven Schwedas, Systemadministrator > Mail/XMPP sven.schwe...@tao.at | Skype sven.schwedas > TAO Digital | Lendplatz 45 | A8020 Graz > https://www.tao-digital.at | Tel +43 680 301 7167 >
smime.p7s
Description: S/MIME cryptographic signature
