Re: [Discuss] free certs everywhere

2014-12-22 Thread Tom Metro
Edward Ned Harvey (blu) wrote:
> If that argument holds, then *no* certificate authority should be
> able to charge for issuing certs.

That's a good idea. No, seriously. It doesn't appear that a central organization holds sway over CAs, unlike the way ICANN rules over domain registries, but if t

Re: [Discuss] Who sells the least expensive SSL certs right now?

2014-12-22 Thread Edward Ned Harvey (blu)
> From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-bounces+blu=nedharvey@blu.org]
> On Behalf Of Shirley Márquez Dúlcey
>
> Free certificates shouldn't be a business model. They should be
> something that you do to give back to the community, to help keep the
> internet an op

Re: [Discuss] Who sells the least expensive SSL certs right now?

2014-12-22 Thread Gordon Marx
On Mon, Dec 22, 2014 at 4:36 PM, Shirley Márquez Dúlcey wrote:
> Free certificates shouldn't be a business model. They should be
> something that you do to give back to the community, to help keep the
> internet an open place for everybody.

There's plenty of horrible shit that "shouldn't be a bus

Re: [Discuss] Who sells the least expensive SSL certs right now?

2014-12-22 Thread Shirley Márquez Dúlcey
Free certificates shouldn't be a business model. They should be something that you do to give back to the community, to help keep the internet an open place for everybody.

On Mon, Dec 22, 2014 at 3:58 PM, Gordon Marx wrote:
> On Mon, Dec 22, 2014 at 3:49 PM, Richard Pieri wrote:
>> The second

Re: [Discuss] Who sells the least expensive SSL certs right now?

2014-12-22 Thread Gordon Marx
On Mon, Dec 22, 2014 at 3:49 PM, Richard Pieri wrote:
> The second citation is just a weak argument. Commercial CAs aren't in it for
> security. They're in it for money. I don't care if you name StartSSL or
> Comodo or Symantec. They're all driven by profits first, security somewhere
> after.

Which

Re: [Discuss] Who sells the least expensive SSL certs right now?

2014-12-22 Thread Richard Pieri
On 12/22/2014 11:25 AM, John Abreau wrote: Now granted, these arguments are about whether slartssl should be in the firefox keystore, I take the first citation as being a rant that StartCom should be held accountable for Heartbleed fallout. No. It's not Vendor A's responsibility to change the

Re: [Discuss] Who sells the least expensive SSL certs right now?

2014-12-22 Thread John Abreau
I think you're missing the point. More quotes from the bugzilla discussion:

> The problem is not them charging for revocations. If someone has lost their key
> or got hacked, okay fine. Their own fault.
>
> The problem is that thanks to Heartbleed we now have potentially leaked private
> keys (le

Re: [Discuss] Who sells the least expensive SSL certs right now?

2014-12-22 Thread Shirley Márquez Dúlcey
> Bah. That's a weak argument. There is nothing secret about charging for
> revocation, and I don't expect any other CAs to reissue certs for free
> either.

Charging for revocation of a FREE certificate is an argument that holds some weight with me. If you can get it for free you should also

Re: [Discuss] Who sells the least expensive SSL certs right now?

2014-12-22 Thread Richard Pieri
On 12/22/2014 10:24 AM, John Abreau wrote: A quote from Mozilla's bugzilla issue tracker: https://bugzilla.mozilla.org/show_bug.cgi?id=994033 The business model for this free tier is based on profiting from security breaches. How is this substantially different from other commercial CAs? Thin

Re: [Discuss] Who sells the least expensive SSL certs right now?

2014-12-22 Thread Edward Ned Harvey (blu)
> From: John Abreau [mailto:abre...@gmail.com]
>
> As for StartSSL, a quick google search turns up some disturbing issues with
> it.

Bah. That's a weak argument. There is nothing secret about charging for revocation, and I don't expect any other CAs to reissue certs for free either.

Re: [Discuss] Who sells the least expensive SSL certs right now?

2014-12-22 Thread John Abreau
When I generate my own CA for my company (or the company's IT people generate a private CA for the company), it's reasonable to trust that CA. Or, if you want to nitpick, trusting that CA is likely a necessary precondition for accessing the company's internal IT resources and is therefore a necessa

Re: [Discuss] Who sells the least expensive SSL certs right now?

2014-12-22 Thread Edward Ned Harvey (blu)
> From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-bounces+blu=nedharvey@blu.org]
> On Behalf Of Jack Coats
>
> I haven't been following this thread, but is cacert.org certs wide
> spread enough without users having to add certs (import)?

No, but startssl is.

Re: [Discuss] Who sells the least expensive SSL certs right now?

2014-12-22 Thread Edward Ned Harvey (blu)
> From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-bounces+blu=nedharvey@blu.org]
> On Behalf Of Bill Horne
>
> ISTM that the CAs have made the certificate-generation process nearly
> impossible to use, by adding extension after extension to the
> certificates so that end-us