Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Free as long as you never have to revoke them. Which means people primarily looking at costs are actually incentived to not revoke compromised certs.


Revoking has an actual cost itself for them too (and for all client, in the end) due to the revocation list growing.

Revocation isn't part of the normal lifecyle of TLS certificates either: you'll only need this once you've had a security breach.


Which is still waaaay better if they ran HTTP.


I don't agree. False pretense of security can be worse than visible insecurity.


> False pretense of security can be worse than visible insecurity.

This applies to HTTP as well. That's why Firefox and Chrome will be visibly warning it's insecure.


Which is fine. I wasn't arguing against the changes, but against citing startssl.com as a good solution (Even though I have to admit that their service overall extremely likely has done more good than damage, I really dislike that aspect of their offering)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: