[Discuss] Who sells the least expensive SSL certs right now?

[abreauj at gmail.com (John Abreau)]

When I generate my own CA for my company (or the company's IT people
generate a private CA for the company), it's reasonable to trust that CA.
Or, if you want to nitpick, trusting that CA is likely a necessary
precondition for accessing the company's internal IT resources and is
therefore a necessary precondition for doing your your job.

As for StartSSL, a quick google search turns up some disturbing issues with
it. Their reaction to the Heartbleed problem earlier this year is
particularly worrisome:

A quote from Mozilla's bugzilla issue tracker:
https://bugzilla.mozilla.org/show_bug.cgi?id=994033

The business model for this free tier is based on profiting from security
> breaches. StartSSL lures in users with free certificates without making it
> clear that there is a revocation fee. During a crisis when users of these
> certificates are most vulnerable, they attempt to extort money with this
> fee. Many people are using the free certificates because they can't or
> won't pay fees like this. Certificates signed by StartSSL are no longer
> trustworthy, because the people who own the certificates can not revoke
> them even if they want to without paying an unexpected fee.


On Mon, Dec 22, 2014 at 6:53 AM, Edward Ned Harvey (blu) <blu at nedharvey.com>
wrote:

> > From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss-
> > bounces+blu=nedharvey.com at blu.org] On Behalf Of Jack Coats
> >
> > I haven't been following this thread, but is cacert.org certs wide
> > spread enough without users having to add certs (import)?
>
> No, but startssl is.
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://lists.blu.org/mailman/listinfo/discuss
>



-- 
John Abreau / Executive Director, Boston Linux & Unix
Email: abreauj at gmail.com / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6
PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23  C2D0 E885 E17C 9200 63C6