[Discuss] Who sells the least expensive SSL certs right now?
Shirley Márquez Dúlcey
mark at buttery.org
Mon Dec 22 16:36:31 EST 2014
Free certificates shouldn't be a business model. They should be
something that you do to give back to the community, to help keep the
internet an open place for everybody.
On Mon, Dec 22, 2014 at 3:58 PM, Gordon Marx <gcmarx at gmail.com> wrote:
> On Mon, Dec 22, 2014 at 3:49 PM, Richard Pieri <richard.pieri at gmail.com> wrote:
>> The second citation is just a weak argument. Commercial CAs aren't it for
>> security. They're in it for money. I don't care if you name StartSSL or
>> Comodo or Symantec. They're all driven by profits first, security somewhere
>> after.
>
> Which is why the free cert, pay for revocation model makes so much
> sense -- signing a CSR takes a one-time hit of some tiny amount of CPU
> and bandwidth, whereas hosting an OCSP responder or equivalent takes a
> lot more money and effort. Cert revocation is hard, and when things
> are hard to do companies can often charge money to do them :--)
>
> Gordon
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://lists.blu.org/mailman/listinfo/discuss
More information about the Discuss
mailing list