On Mon, Dec 22, 2014 at 11:10 PM, Edward Ned Harvey (blu)
b...@nedharvey.com wrote:
From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
bounces+blu=nedharvey@blu.org] On Behalf Of Shirley Márquez
Dúlcey
Free certificates shouldn't be a business model. They should be
It was asserted in the bugzilla page that startssl refuses to issue a new
certificate until you revoke the old one, and that in combination with their
typical response times, this results in at least 5 days' downtime when
replacing an old startssl-issued certificate with a new startssl-issued
On 12/22/2014 10:43 PM, Tom Metro wrote:
Probably a big reason this never happened is that when CAs were being
established, all that existed were basic certs. The extended validation
certs and other value added services were only thought up later. Once
the industry was established, hard to
On 12/23/2014 10:28 AM, John Abreau wrote:
It was asserted in the bugzilla page that startssl refuses to issue a
new certificate until you revoke the old one, and that in combination
I should certainly hope so. Issuing new certificates for existing, valid
domains and hosts is called a
From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
bounces+blu=nedharvey@blu.org] On Behalf Of Edward Ned Harvey
(blu)
So apparently the
random-guy-complaining-on-internet who wrote that pearl of wisdom has
some personal bias, and should not be trusted at his word.
Maybe
On 12/23/2014 1:32 PM, Edward Ned Harvey (blu) wrote:
CA trust list. I'm guessing the POTUS and the CIA probably have ways
of getting certs out of Verisign and others. Also, there have
As an aside, Verisign is out of the CA business. They sold that off to
Symantec a few years ago. Fairly
Richard Pieri wrote:
Tom Metro wrote:
Probably a big reason this never happened is that when CAs were being
established, all that existed were basic certs.
The early certificate authorities...were all about identity
verification. ...the handful of extant CAs bothered with things like
Tom Metro wrote:
Similarly, Dreamhost is a reseller for Comodo and has 1-year basic certs
for $9 or $10.
If you want to save a couple more dollars, a recent security now
episode[1] mentioned cheapsslsecurity.com, which is another reseller of
certs. The least expensive options are from Comodo,
From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
bounces+blu=nedharvey@blu.org] On Behalf Of Tom Metro
(Short expiration periods are considered better for security, and the
high-end extended validation certs top out at 2-years. But if you are
just securing the comment
Edward Ned Harvey (blu) wrote:
Any time I've seen multi-year certs so far, they just get you to pay
in advance, and you still have to reissue the cert once a year.
Maybe it's not universal - just what I've seen so far.
I wondered if that might be the case. I couldn't find anything
definitive
10 matches
Mail list logo