New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
already posted in cest pit, nice repost tho
Worth it's own post IMO.
Looks like I'll be switching to Let's Encrypt. Was using startcom just for the wildcard.
How can a company who's products/services relies so heavily on trust be so shady? I understand that large companies are greedy and driven solely by money but that doesn't mean you have to treat your clients like crap to do it. There are plenty of business models where you can put the clients first and still make a profit, unfortunately greed is stronger than morals and human decency can be replaced with a nice check instead.
So it sounds like they're going even further than Mozilla - not only are no new certs to be trusted, but only some existing ones and even then only for a limited (unspecified) period of time so people can flee to other CAs.
I doubt these are the only CAs that have done shady things, they are just the ones that got caught. The whole CA-based security model is flawed and needs to be revamped.
Well it's Google, what do you expect.
Yeah that sucks, may have to end my hold-out on WoSign after all.
I don't know why you ppl are against these, why will you trust on a CA that has given malicious certs?
My comment was towards WoSign/StartCom
I support Google here, WoSign/StartCom can DIAF.
Google had beef with the owners of norton for creating google.com SSLs for their own use without gaining permission from google.
Plus they only distrust new certs. (But intend to remove old by the wording). Anyone with a wosign cert. PP dispute and move on
Money talks, all browsers US based and easy to deal with it.