undefined | Better HN

0 pointsmynameisvlad10y ago0 comments

https://www.startssl.com/Support?v=43

They're the CA that wanted to charge $25 to revoke free certificates that were potentially compromised due to Heartbleed. Yes, it wasn't their fault, so they wouldn't be legally responsible for it, but they're acting in bad form by not offering those revocations for free for such a major issue.

0 comments

IgorPartola10y ago

Until LE, StartSSL was the cheapest option all around. Note that with their $59/year option you would get unlimited wildcard certs, amongst other things. I am not happy about this bug, and am glad I moved to LE a few weeks ago, but in the past StartSSL has saved me a ton of money, even though their website had been godawful at the time.

mynameisvladOP10y ago

Sure, and all that may be true, but I was specifically responding to what makes them greedy. Recommending people revoke their certificate and then hitting them with a $25 fee when they try to do so is practically the definition of such. They knew it was a serious problem, they knew all certificates could be affected (and even called it out) but then they didn't care to waive their policy in this one case even with all that taken into account. A CA who actually cared about the integrity of the system as a whole would have made a one time exception for this serious bug.

j / k navigate · click thread line to collapse

0 pointsmynameisvlad10y ago0 comments

https://www.startssl.com/Support?v=43

0 comments

IgorPartola10y ago

mynameisvladOP10y ago

j / k navigate · click thread line to collapse