Access to www.gnupg.org only via TLS

Ville Määttä vmaatta at gmail.com
Thu May 1 00:47:40 CEST 2014


So, when was the last time you were offered a parachute on flight? :), sorry I just had to.

I have to say I agree with Doug on StartSSL, I think they’re doing a more of a service to the community by offering affordable certs and the revocation fee is understandable. And reasonable. And sometimes wavered. They did for us the first time when we were adding domains to a wildcard cert, but a bit later this mess of a bug hit and we revoked again, this time they charged the fee. Shit happens.

I do also understand the point why revocation shouldn’t cost money. Why it would lead to certs not being revoked and instead new ones being created [1]. It’s a valid point and something StartSSL should, maybe do, think about.

Like so often, there is no one easy solution, it’s a matter of compromising and weighing different needs. On the whole I like what StartSSL are doing and I’m not quite ready to stop using their certs based on this affair.

[1] http://blogs.fsfe.org/gollo/2014/04/13/what-the-heartbleed-bug-revealed-to-me/

On 30 Apr 2014, at 22:40, Faramir <faramir.cl at gmail.com> wrote:

> Signed PGP part
> El 30-04-2014 15:23, Doug Barton escribió:
> > On 04/30/2014 01:25 AM, Martin Gollowitzer wrote:
> ...
> > Yeah, I don't quite see your point. They are providing a very
> > valuable service for free, and charge a nominal fee for revoking a
> > cert. If you
> ...
> > Meanwhile, if your response is going to be in the nature of,
> > "Everything I want should be given to me free just because I want
> > it" please don't bother.
> 
>   IMHO, to be able to revoke a compromised certificate should be free,
> since when you get a certificate, you have time to think about if you
> really need it, and to consider if you can afford it. But if the
> certificate is compromised, then you really need it revoked ASAP. It
> is like providing free airplane tickets, and then charging for the
> parachute.
> 
>   Best Regards
> 
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users

-- 
Ville




More information about the Gnupg-users mailing list