On 04/30/2014 01:25 AM, Martin Gollowitzer wrote:
You might want to consider my blogpost about StartSSL
Yeah, I don't quite see your point. They are providing a very valuable service for free, and charge a nominal fee for revoking a cert. If you add up all the times you have not paid fees for the certificates themselves, vs. the rare occasions when you have to revoke one, I think you're still coming out way ahead. Personally I think it's awesome that they're allowing a free revocation re Heartbleed at all, since ...
... your whole premise seems to be invalid as there is no clear evidence at this time (that I'm aware of, and I've been paying attention) that any actual secret keys have been compromised by Heartbleed. It was listed as a potential risk when the vulnerability was first announced, but several groups have done research on that specific point and have found that it would be sufficiently difficult, if not actually impossible; to render this particular risk as negligible at best.
Meanwhile, if your response is going to be in the nature of, "Everything I want should be given to me free just because I want it" please don't bother.
Doug _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
