1 |
On 27 March 2015 at 19:14, Rich Freeman <rich0@g.o> wrote: |
2 |
> |
3 |
> StartSSL in fact refuses to revoke certificates even when people |
4 |
> publish their private keys publicly. If you buy a previously-used |
5 |
> domain you might want to make sure that there isn't a StartSSL |
6 |
> certificate floating around for it which is still valid... |
7 |
|
8 |
Uh? They don't do it for free, but they do revoke certificate if you pay for it. |
9 |
xine-project.org has a revoked cert from last year due to heartbleed. |
10 |
|
11 |
Diego Elio Pettenò — Flameeyes |
12 |
https://blog.flameeyes.eu/ |