On Mon, Dec 22, 2014 at 3:49 PM, Richard Pieri <richard.pi...@gmail.com> wrote:
> The second citation is just a weak argument. Commercial CAs aren't in it for
> security. They're in it for money. I don't care if you name StartSSL or
> Comodo or Symantec. They're all driven by profits first, security somewhere
> after.

Which is why the free cert, pay for revocation model makes so much sense -- signing a CSR takes a one-time hit of some tiny amount of CPU and bandwidth, whereas hosting an OCSP responder or equivalent takes a lot more money and effort. Cert revocation is hard, and when things are hard to do companies can often charge money to do them :--)

Gordon