Re: [Discuss] Who sells the least expensive SSL certs right now?

2014-12-22 Thread Edward Ned Harvey (blu)
From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-bounces+blu=nedharvey@blu.org] On Behalf Of Bill Horne
ISTM that the CAs have made the certificate-generation process nearly impossible to use, by adding extension after extension to the certificates so that end-users

Re: [Discuss] Who sells the least expensive SSL certs right now?

2014-12-22 Thread Edward Ned Harvey (blu)
From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-bounces+blu=nedharvey@blu.org] On Behalf Of Jack Coats
I haven't been following this thread, but is cacert.org certs widespread enough without users having to add certs (import)?
No, but startssl is.

Re: [Discuss] Who sells the least expensive SSL certs right now?

2014-12-22 Thread John Abreau
When I generate my own CA for my company (or the company's IT people generate a private CA for the company), it's reasonable to trust that CA. Or, if you want to nitpick, trusting that CA is likely a necessary precondition for accessing the company's internal IT resources and is therefore a

Re: [Discuss] Who sells the least expensive SSL certs right now?

2014-12-22 Thread Edward Ned Harvey (blu)
From: John Abreau [mailto:abre...@gmail.com]
As for StartSSL, a quick google search turns up some disturbing issues with it.
Bah. That's a weak argument. There is nothing secret about charging for revocation, and I don't expect any other CAs to reissue certs for free either.

Re: [Discuss] Who sells the least expensive SSL certs right now?

2014-12-22 Thread Richard Pieri
On 12/22/2014 10:24 AM, John Abreau wrote:
A quote from Mozilla's bugzilla issue tracker: https://bugzilla.mozilla.org/show_bug.cgi?id=994033 The business model for this free tier is based on profiting from security breaches.
How is this substantially different from other commercial CAs?

Re: [Discuss] Who sells the least expensive SSL certs right now?

2014-12-22 Thread Shirley Márquez Dúlcey
Bah. That's a weak argument. There is nothing secret about charging for revocation, and I don't expect any other CAs to reissue certs for free either.
Charging for revocation of a FREE certificate is an argument that holds some weight with me. If you can get it for free you should also be

Re: [Discuss] Who sells the least expensive SSL certs right now?

2014-12-22 Thread John Abreau
I think you're missing the point. More quotes from the bugzilla discussion:
The problem is not them charging for revocations. If someone has lost their key or got hacked, okay fine. Their own fault. The problem is that thanks to Heartbleed we now have potentially leaked private keys (leaked

Re: [Discuss] Who sells the least expensive SSL certs right now?

2014-12-22 Thread Richard Pieri
On 12/22/2014 11:25 AM, John Abreau wrote:
Now granted, these arguments are about whether slartssl should be in the firefox keystore,
I take the first citation as being a rant that StartCom should be held accountable for Heartbleed fallout. No. It's not Vendor A's responsibility to change

Re: [Discuss] Who sells the least expensive SSL certs right now?

2014-12-22 Thread Gordon Marx
On Mon, Dec 22, 2014 at 3:49 PM, Richard Pieri richard.pi...@gmail.com wrote:
The second citation is just a weak argument. Commercial CAs aren't in it for security. They're in it for money. I don't care if you name StartSSL or Comodo or Symantec. They're all driven by profits first, security

Re: [Discuss] Who sells the least expensive SSL certs right now?

2014-12-22 Thread Shirley Márquez Dúlcey
Free certificates shouldn't be a business model. They should be something that you do to give back to the community, to help keep the internet an open place for everybody.
On Mon, Dec 22, 2014 at 3:58 PM, Gordon Marx gcm...@gmail.com wrote:
On Mon, Dec 22, 2014 at 3:49 PM, Richard Pieri

Re: [Discuss] Who sells the least expensive SSL certs right now?

2014-12-22 Thread Gordon Marx
On Mon, Dec 22, 2014 at 4:36 PM, Shirley Márquez Dúlcey m...@buttery.org wrote:
Free certificates shouldn't be a business model. They should be something that you do to give back to the community, to help keep the internet an open place for everybody.
There's plenty of horrible shit that

Re: [Discuss] Who sells the least expensive SSL certs right now?

2014-12-22 Thread Edward Ned Harvey (blu)
From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-bounces+blu=nedharvey@blu.org] On Behalf Of Shirley Márquez Dúlcey
Free certificates shouldn't be a business model. They should be something that you do to give back to the community, to help keep the internet an open

Re: [Discuss] free certs everywhere

2014-12-22 Thread Tom Metro
Edward Ned Harvey (blu) wrote:
If that argument holds, then *no* certificate authority should be able to charge for issuing certs.
That's a good idea. No, seriously. It doesn't appear that a central organization holds sway over CAs, unlike the way ICANN rules over domain registries, but if