| 1 |
On Fri, Mar 27, 2015 at 3:15 PM, Diego Elio Pettenò |
| 2 |
<flameeyes@×××××××××.eu> wrote: |
| 3 |
> On 27 March 2015 at 19:14, Rich Freeman <rich0@g.o> wrote: |
| 4 |
>> |
| 5 |
>> StartSSL in fact refuses to revoke certificates even when people |
| 6 |
>> publish their private keys publicly. If you buy a previously-used |
| 7 |
>> domain you might want to make sure that there isn't a StartSSL |
| 8 |
>> certificate floating around for it which is still valid... |
| 9 |
> |
| 10 |
> Uh? They don't do it for free, but they do revoke certificate if you pay for it. |
| 11 |
> xine-project.org has a revoked cert from last year due to heartbleed. |
| 12 |
|
| 13 |
That was basically my point. There aren't any free options which are |
| 14 |
secure (that I'm aware of). There are options which cost money which |
| 15 |
are secure, including StartSSL. It just annoys me when people trot |
| 16 |
them out as an example of why SSL certificate costs aren't a problem. |
| 17 |
You can debate whether not having secure free options matters or not, |
| 18 |
but you can't argue that StartSSL is a secure free option. |
| 19 |
|
| 20 |
-- |
| 21 |
Rich |
Archives