To be fair with that none of that matters if you create your CSR correctly since they never have the private key to the cert. More over 20 to 1 All current TLS Cert providers give as much access as they can to the NSA. It really comes down to what can you or are you willing to pay into the imperfect system that already exists. And yes hopefully the new CA by Mozilla will be useful but as of late I have lost a lot of trust in Mozilla with how things have been going over there.
-- Jason Barbier [email protected] On Wed, Jan 14, 2015, at 11:13 AM, Seth wrote: > On Wed, 14 Jan 2015 09:35:05 -0800, Jason Barbier <[email protected]> > wrote: > > > If you are looking to get free TLS certs startcom is still in there as I > > recall, and unless you plan on doing something out of the ordinary or > > that requires the CA to do work (like you want a star cert, a cert with > > multiple SANs etc or want to revoke a cert without one of the reasons > > listed in their documentation, require an Extended validation server, or > > want a code signing cert) it is totally free. https://startssl.com > > I appreciate the suggestion, however any company based in the state of > Israel, like StartCOM is, would be my absolute last choice. There's a > reason their certificates are free and I do not believe it to be a > benevolent one. > > http://www.theguardian.com/world/2013/sep/11/nsa-americans-personal-data-israel-documents > http://www.counterpunch.org/2008/09/27/an-israeli-trojan-horse/ > > I can get certificates for $10 and under via Namecheap.com, so the cost > is > not a huge barrier, it just annoys me because CAcert was working just > dandy and now I've got another recurring cost to pay every year. Get a > dozen of these certs implemented at $10 a pop and it starts to add up. > > Hopefully the new CA by Mozilla will pick up the slack, it looks like > CAcert acceptance has been stalled out in most major browser and > operating > systems for many years now. -- You received this mail because you are subscribed to [email protected] To unsubscribe, send a mail to: [email protected]
