BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Who sells the least expensive SSL certs right now?

Subject: [Discuss] Who sells the least expensive SSL certs right now?
From: abreauj at gmail.com (John Abreau)
Date: Tue, 23 Dec 2014 10:28:00 -0500
In-reply-to: <CAJFsZ=qa62RkgX53W0t2rJrpAkT3bGVHuJ-E8Q=FRvBQnxcH_g@mail.gmail.com>
References: <549251AB.8070607@horne.net> <54932731.1060401@gmail.com> <5493283A.6010407@horne.net> <CA+h9Qs63QnWrktgHaRstzAa9yLNPVVL1QUegx7sQwRXeymajqQ@mail.gmail.com> <5497701D.90103@horne.net> <CAFq0N1x37HaQkKD3gWEP8=CNQFnpvqupNsmVBmgKwQp5XL3S5Q@mail.gmail.com> <BN3PR0401MB12042C738604A70CDADFB62CDC560@BN3PR0401MB1204.namprd04.prod.outlook.com> <CAFv2jcZkz3pK-2OxLDZ75V7Bfs81s1M=YhY2e1R1Ji+LtDE3EQ@mail.gmail.com> <BN3PR0401MB1204EBCF93E4073CBD100C5BDC560@BN3PR0401MB1204.namprd04.prod.outlook.com> <CAFv2jcbUpP97QwwXVya4O0GXX8OCRS2cNWOeyPjk30KF_Onqrg@mail.gmail.com> <549883E1.7050605@gmail.com> <CAFrp2J0+G5tHFqEX5PHs-zNx0ExapO52SJ+FXQgYXTp5QQaF4A@mail.gmail.com> <CAMdng5vtCb=zqhAXXRqhbmhY4=Px_EQ4E6-0yOO0hnn3ujmV8w@mail.gmail.com> <BN3PR0401MB12045A735E9E5C80725C5D26DC560@BN3PR0401MB1204.namprd04.prod.outlook.com> <CAJFsZ=qa62RkgX53W0t2rJrpAkT3bGVHuJ-E8Q=FRvBQnxcH_g@mail.gmail.com>

It was asserted in the bugzilla page that startssl refuses to issue a new certificate until you revoke the old one, and that in combination with their typical response times, this results in at least 5 days' downtime when replacing an old startssl-issued certificate with a new startssl-issued certificate. 

If the assertion is correct, and if your site cannot accept running for a week or so with a revoked certificate, then choosing startssl means you'll have to switch to another CA anyway the next time a Heartbleed-like incident occurs. 


On Dec 23, 2014, at 6:38 AM, Bill Bogstad <bogstad at pobox.com> wrote:

> On Mon, Dec 22, 2014 at 11:10 PM, Edward Ned Harvey (blu)
> <blu at nedharvey.com> wrote:
>>> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-
>>> bounces+blu=nedharvey.com at blu.org] On Behalf Of Shirley M?rquez
>>> D?lcey
>>> 
>>> Free certificates shouldn't be a business model. They should be
>>> something that you do to give back to the community, to help keep the
>>> internet an open place for everybody.
>> 
>> While we're at it, let's ban commercial software, and copyright and patent and trademarks.  Computers are able to copy all these things at zero cost; it should be free for everyone.  Unicorns and rainbows for the win!   ;-)
>> 
>> Sorry, I know I'm being a jerk.  But the argument that the *only* provider of commonly trusted free certs is extorting people by charging for revocation is foolishness.  If that argument holds, then *no* certificate authority should be able to charge for issuing certs.
> 
> No argument from me on this.  However, I am not sure why I would ever bother to
> revoke a certificate for a general purpose web site.   Why wouldn't I
> just stop using it
> and go get a new certificate from whatever CA I want?   As for someone
> else spoofing my site with the stolen cert, I thought that it was
> still possible to get certificates signed for almost any domain from
> some of the CAs.   So revoking a stolen certificate isn't going to
> help that much to protect against man in the middle attacks.  I don't
> think it is going to stop someone who recorded the entire session from
> decrypting it once they get the private key either.  What am I missing
> here?
> 
> Bill Bogstad
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://lists.blu.org/mailman/listinfo/discuss

Follow-Ups:
- [Discuss] Who sells the least expensive SSL certs right now?
  - From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] Who sells the least expensive SSL certs right now?
  - From: richard.pieri at gmail.com (Richard Pieri)

References:
- [Discuss] Who sells the least expensive SSL certs right now?
  - From: bill at horne.net (Bill Horne)
- [Discuss] Who sells the least expensive SSL certs right now?
  - From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] Who sells the least expensive SSL certs right now?
  - From: bill at horne.net (Bill Horne)
- [Discuss] Who sells the least expensive SSL certs right now?
  - From: jabr at blu.org (John Abreau)
- [Discuss] Who sells the least expensive SSL certs right now?
  - From: bill at horne.net (Bill Horne)
- [Discuss] Who sells the least expensive SSL certs right now?
  - From: jack at coats.org (Jack Coats)
- [Discuss] Who sells the least expensive SSL certs right now?
  - From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] Who sells the least expensive SSL certs right now?
  - From: abreauj at gmail.com (John Abreau)
- [Discuss] Who sells the least expensive SSL certs right now?
  - From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] Who sells the least expensive SSL certs right now?
  - From: abreauj at gmail.com (John Abreau)
- [Discuss] Who sells the least expensive SSL certs right now?
  - From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] Who sells the least expensive SSL certs right now?
  - From: gcmarx at gmail.com (Gordon Marx)
- [Discuss] Who sells the least expensive SSL certs right now?
  - From: mark at buttery.org (Shirley Márquez Dúlcey)
- [Discuss] Who sells the least expensive SSL certs right now?
  - From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] Who sells the least expensive SSL certs right now?
  - From: bogstad at pobox.com (Bill Bogstad)

Prev by Date: [Discuss] Who sells the least expensive SSL certs right now?
Next by Date: [Discuss] free certs everywhere
Previous by thread: [Discuss] Who sells the least expensive SSL certs right now?
Next by thread: [Discuss] Who sells the least expensive SSL certs right now?
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.