On Tue, Dec 23, 2014 at 10:05:51PM -0500, Tom Metro wrote:
Edward Ned Harvey (blu) wrote:
Any time I've seen multi-year certs so far, they just get you to pay
in advance, and you still have to reissue the cert once a year.
Maybe it's not universal - just what I've seen so far.
I wondered
On Mon, Dec 22, 2014 at 11:10 PM, Edward Ned Harvey (blu)
b...@nedharvey.com wrote:
From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
bounces+blu=nedharvey@blu.org] On Behalf Of Shirley Márquez
Dúlcey
Free certificates shouldn't be a business model. They should be
It was asserted in the bugzilla page that startssl refuses to issue a new
certificate until you revoke the old one, and that in combination with their
typical response times, this results in at least 5 days' downtime when
replacing an old startssl-issued certificate with a new startssl-issued
On 12/23/2014 10:28 AM, John Abreau wrote:
It was asserted in the bugzilla page that startssl refuses to issue a
new certificate until you revoke the old one, and that in combination
I should certainly hope so. Issuing new certificates for existing, valid
domains and hosts is called a
From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
bounces+blu=nedharvey@blu.org] On Behalf Of Edward Ned Harvey
(blu)
So apparently the
random-guy-complaining-on-internet who wrote that pearl of wisdom has
some personal bias, and should not be trusted at his word.
Maybe
On 12/23/2014 1:32 PM, Edward Ned Harvey (blu) wrote:
CA trust list. I'm guessing the POTUS and the CIA probably have ways
of getting certs out of Verisign and others. Also, there have
As an aside, Verisign is out of the CA business. They sold that off to
Symantec a few years ago. Fairly
Tom Metro wrote:
Similarly, Dreamhost is a reseller for Comodo and has 1-year basic certs
for $9 or $10.
If you want to save a couple more dollars, a recent security now
episode[1] mentioned cheapsslsecurity.com, which is another reseller of
certs. The least expensive options are from Comodo,
From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
bounces+blu=nedharvey@blu.org] On Behalf Of Tom Metro
(Short expiration periods are considered better for security, and the
high-end extended validation certs top out at 2-years. But if you are
just securing the comment
Edward Ned Harvey (blu) wrote:
Any time I've seen multi-year certs so far, they just get you to pay
in advance, and you still have to reissue the cert once a year.
Maybe it's not universal - just what I've seen so far.
I wondered if that might be the case. I couldn't find anything
definitive
From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
bounces+blu=nedharvey@blu.org] On Behalf Of Bill Horne
ISTM that the CA's have made the certificate-generation process nearly
impossible to use, by adding extensions after extension to the
certificates so that end-users
From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
bounces+blu=nedharvey@blu.org] On Behalf Of Jack Coats
I haven't been following this thread, but is cacert.org certs wide
spread enough without users having to add certs (import)?
No, but startssl is.
When I generate my own CA for my company (or the company's IT people
generate a private CA for the company), it's reasonable to trust that CA.
Or, if you want to nitpick, trusting that CA is likely a necessary
precondition for accessing the company's internal IT resources and is
therefore a
From: John Abreau [mailto:abre...@gmail.com]
As for StartSSL, a quick google search turns up some disturbing issues with
it.
Bah. That's a weak argument. There is nothing secret about charging for
revocation, and I don't expect any other CA's to reissue certs for free either.
On 12/22/2014 10:24 AM, John Abreau wrote:
A quote from Mozilla's bugzilla issue tracker:
https://bugzilla.mozilla.org/show_bug.cgi?id=994033
The business model for this free tier is based on profiting from security
breaches.
How is this substantially different from other commercial CAs?
Bah. That's a weak argument. There is nothing secret about charging for
revocation, and I don't expect any other CA's to reissue certs for free
either.
Charging for revocation of a FREE certificate is an argument that
holds some weight with me. If you can get it for free you should also
be
I think you're missing the point. More quotes from the bugzilla discussion:
The problem is not them charging for revocations. If someone has lost
their key
or got hacked, okay fine. Their own fault.
The problem is that thanks to Heartbleed we now have potentially leaked
private
keys (leaked
On 12/22/2014 11:25 AM, John Abreau wrote:
Now granted, these arguments are about whether slartssl should be in the
firefox keystore,
I take the first citation as being a rant that StartCom should be held
accountable for Heartbleed fallout. No. It's not Vendor A's
responsibility to change
On Mon, Dec 22, 2014 at 3:49 PM, Richard Pieri richard.pi...@gmail.com wrote:
The second citation is just a weak argument. Commercial CAs aren't it for
security. They're in it for money. I don't care if you name StartSSL or
Comodo or Symantec. They're all driven by profits first, security
Free certificates shouldn't be a business model. They should be
something that you do to give back to the community, to help keep the
internet an open place for everybody.
On Mon, Dec 22, 2014 at 3:58 PM, Gordon Marx gcm...@gmail.com wrote:
On Mon, Dec 22, 2014 at 3:49 PM, Richard Pieri
On Mon, Dec 22, 2014 at 4:36 PM, Shirley Márquez Dúlcey
m...@buttery.org wrote:
Free certificates shouldn't be a business model. They should be
something that you do to give back to the community, to help keep the
internet an open place for everybody.
There's plenty of horrible shit that
From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss-
bounces+blu=nedharvey@blu.org] On Behalf Of Shirley Márquez
Dúlcey
Free certificates shouldn't be a business model. They should be
something that you do to give back to the community, to help keep the
internet an open
On 12/18/2014 6:40 PM, John Abreau wrote:
On Thu, Dec 18, 2014 at 2:17 PM, Bill Horne b...@horne.net
mailto:b...@horne.net wrote:
In theory, we could put our root certificate in everyone's
browser, but that's so much effort that it's not practical.
That's what I did when I worked
On 12/18/2014 2:12 PM, Richard Pieri wrote:
On 12/17/2014 11:01 PM, Bill Horne wrote:
I've been taked with obtaining some SSL certs for use on two Mac Minis
running OS X Yosemite. Nothing fancy: I'm looking for the lowest cost
available.
Self-signed? Doesn't get any lower cost, in terms of
On Thu, Dec 18, 2014 at 2:17 PM, Bill Horne b...@horne.net wrote:
In theory, we could put our root certificate in everyone's browser, but
that's so much effort that it's not practical.
That's what I did when I worked at Zuken. Part of my job was building
laptops for everyone, on a 3-year
I've been taked with obtaining some SSL certs for use on two Mac Minis
running OS X Yosemite. Nothing fancy: I'm looking for the lowest cost
available.
All suggestions welcome.
Bill
--
E. William Horne
339-364-8487
___
Discuss mailing list
25 matches
Mail list logo
