I don't have a problem with a business model or pricing system itself. I do have a problem with it's security implications. The primary function of a CA is providing security to SSL initiators. Those who initiate SSL connections and hope that if a cert is signed by this CA, that they can trust the connection.
StartSSL is providing certs for free but charges money to mitigate disasters. This motivates cert owners not to mitigate disasters and to keep using compromised certs, reducing security for the SSL initiators, who should be the CA's primary concern. If StartSSL learns about a compromised cert, they do nothing until unless they get paid. They are not acting responsibly. They are taking the SSL initiators hostage, keeping the compromise to themselves, allowing MITM attacks to take place.
It doesn't matter if StartSSL makes an exception for heartbleed. This policy is wrong and insecure and from the perspective of SSL initiators, the only correct course of action is to remove StartSSL from trusted CAs. As an initiator, how do I know that a cert is valid if the CA is known to keep disasters a secret?
Techdirt has not posted any stories submitted by Mike Ward.
Re: whiny bastages
I don't have a problem with a business model or pricing system itself. I do have a problem with it's security implications. The primary function of a CA is providing security to SSL initiators. Those who initiate SSL connections and hope that if a cert is signed by this CA, that they can trust the connection.
StartSSL is providing certs for free but charges money to mitigate disasters. This motivates cert owners not to mitigate disasters and to keep using compromised certs, reducing security for the SSL initiators, who should be the CA's primary concern. If StartSSL learns about a compromised cert, they do nothing until unless they get paid. They are not acting responsibly. They are taking the SSL initiators hostage, keeping the compromise to themselves, allowing MITM attacks to take place.
It doesn't matter if StartSSL makes an exception for heartbleed. This policy is wrong and insecure and from the perspective of SSL initiators, the only correct course of action is to remove StartSSL from trusted CAs. As an initiator, how do I know that a cert is valid if the CA is known to keep disasters a secret?