[Ach] StartSSL for Business Sysadmins

Rainer Hoerbe rainer at hoerbe.at
Mon Jan 13 20:42:15 CET 2014

> I find the CA bashing on this list a bit naive and irresponsible. 

That is beside the point. A professionally run CA (however you qualify this) deserves a certain trustworthiness.

My point was that a highly secure cert from SuperSecureCA.com does not make my server better, because it can always be impersonated from weaker CAs. It is the lowest common denominator that counts.

It is a different story in closed environments with managed clients. Reliable CAs do make a difference.

> A professional commercial CA is normally far more trustworthy than a free CA because of the infrastructure and security of their datacentres, their adherence to certificate security policies, the availability of their OCSP and CRLs, the money they guarantee to pay should one of their certificates be falsely issued, and so on.

Those "Free" packages are not really free. Either the cert is a marketing tool, or there is some other business model. Startssl.com is not 100% free, e.g. they charge for revocation.

- Rainer
