Access to only via TLS

Doug Barton dougb at
Wed Apr 30 21:23:02 CEST 2014

On 04/30/2014 01:25 AM, Martin Gollowitzer wrote:
> You might want to consider my blogpost about StartSSL

Yeah, I don't quite see your point. They are providing a very valuable 
service for free, and charge a nominal fee for revoking a cert. If you 
add up all the times you have not paid fees for the certificates 
themselves, vs. the rare occasions when you have to revoke one, I think 
you're still coming out way ahead. Personally I think it's awesome that 
they're allowing a free revocation re Heartbleed at all, since ...

... your whole premise seems to be invalid as there is no clear evidence 
at this time (that I'm aware of, and I've been paying attention) that 
any actual secret keys have been compromised by Heartbleed. It was 
listed as a potential risk when the vulnerability was first announced, 
but several groups have done research on that specific point and have 
found that it would be sufficiently difficult, if not actually 
impossible; to render this particular risk as negligible at best.

Meanwhile, if your response is going to be in the nature of, "Everything 
I want should be given to me free just because I want it" please don't 


More information about the Gnupg-users mailing list