On Friday, 21 October 2016 11:48:21 UTC+1, [email protected] wrote: > Just the opinion of a user who is securing services, websites and his mails > with certificates but is not capable of paying hundreds of Euros / Dollars > for achieving this goal every year.
This is the "too big to fail" argument and I think we've addressed why that's not acceptable previously. For DV TLS certificates, Let's Encrypt will be an admirable replacement for StartCom as far as most subscribers are concerned. There will inevitably be scenarios where StartCom were able to offer cheap or free certificates that aren't possible with Let's Encrypt because their validation strategy is different, but I think the addition of IDNs this week means Let's Encrypt now covers the vast majority of normal scenarios. The pressure of "competing" with Let's Encrypt means Comodo and at least one other major CA (I want to say Symantec?) also now have offers which may be applicable for some subscribers. Comodo, through cPanel, gives away certificates to many people using bulk hosting, and the other CA has a deal with ISPs where free certificates are a loss leader to drive potential customers into an upsell - ie DV certificates are free, but you're gently encouraged to pay them for OV or EV instead. So, that leaves S/MIME and Code Signing. Code Signing is no longer really Mozilla's concern as I understand it, they deprecated the Code Signing trust bits in their store. For S/MIME certificates I believe there are other options out there, which are either free or very affordable but I don't use S/MIME certificates so I might be wrong. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
